Am 17.08.2011 16:25, schrieb Pierre Joye: > On Wed, Aug 17, 2011 at 3:16 PM, Reindl Harald <h.rei...@thelounge.net> wrote: > >> so if "realpath_cache" will not be fixed in combination with "open_basedir" >> it can be totally removed also for the handful of non-shared hosts > > Again, as stated many times already, php is not alone on a webserver. > Many other tools or apps can and will create symbolic links, on > purpose or not (flaws). There is no chance that we will ever cache > open_basedir checks. There are alternative solutions as well
again: if someone knows his setup he knows if anything else could create symlinks and as long there is no access outside PHP for 250 domains on our mainserver using all the same cms and only two admins have access it is pretty safe skip the symlink-check there is NO possibility to get ever a symlink in a webspace
signature.asc
Description: OpenPGP digital signature