> I'm against deprecating it or removing it. > > As said earlier, it has some security value, especially with mass > hosting. If I'm hosting thousands of websites for thousands of users, > using chroot is not doable, and open_basedir is a good alternative (at > least it's better than nothing). > > That's why it's used by ISPconfig and other panels: there is no other > solution that I know of.
That's exactly the reason why I'm for removing it. There will always be ways to circumvent open_basedir and setups like this are insecure. It gives a false sense of security. It's not better than nothing, because most hosting providers would opt for a real solution instead of leaving users entirely unprotected. Regards, Niklas -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
