Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:14554 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 14305 invoked by uid 1010); 3 Feb 2005 01:57:32 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 14282 invoked from network); 3 Feb 2005 01:57:32 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 3 Feb 2005 01:57:32 -0000 X-Host-Fingerprint: 195.82.120.217 stack.fission.org.uk Linux 2.4/2.6 Received: from ([195.82.120.217:38781] helo=stack.fission.org.uk) by pb1.pair.com (ecelerity HEAD (r4105:4106)) with SMTP id 65/62-30841-90581024 for ; Wed, 02 Feb 2005 20:57:29 -0500 Received: from cpc1-oxfd5-6-0-cust152.oxfd.cable.ntl.com ([81.105.118.152] helo=[192.168.0.20]) by stack.fission.org.uk with esmtp (Exim 3.36 #1 (Debian)) id 1CwW7H-0008Jp-00; Thu, 03 Feb 2005 01:49:07 +0000 Message-ID: <42018329.3010300@fission.org.uk> Date: Thu, 03 Feb 2005 01:49:29 +0000 User-Agent: Mozilla Thunderbird 0.9 (X11/20041125) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Rasmus Lerdorf CC: internals@lists.php.net References: <5.1.0.14.2.20050201142816.026d21c0@localhost> <5.1.0.14.2.20050201111730.0299da70@localhost> <5.1.0.14.2.20050201111730.0299da70@localhost> <5.1.0.14.2.20050201142816.026d21c0@localhost> <5.1.0.14.2.20050201151955.02730ec0@localhost> <4200169A.6050905@lerdorf.com> <42001C1D.3090105@cschneid.com> <42001D7B.1040707@trickie.org> <420024EC.4080601@lerdorf.com> <4200457F.5080305@prohost.org> <42005629.3000905@lerdorf.com> <4200D48A.9070305@prohost.org> <42010045.20807@lerdorf.com> <12510140304.20050202223853@marcus-boerger.de> <42014F3B.5040607@lerdorf.com> In-Reply-To: <42014F3B.5040607@lerdorf.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] PHP 5.1 From: gareth@fission.org.uk (Gareth Ardron) Rasmus Lerdorf wrote: > > TCP/IP Firewalls break all sorts of applications as well until either > the application is modified to poke a hole in the firewall itself via > upnp, or you reconfigure the firewall. This makes firewalls annoying, > but they are necessary. This is exactly the same thing. It is a data > firewall for PHP. You don't have to use it, but people want it and > need it. I would think the difficulty would be in informing people that functionality like this is only the start of good security. Maybe a proper, official, howto on PHP security should be drawn up - or it'll just leave people blindly using things like this. To go back to the firewall analogy, it's like putting the most expensive firewall in the world in place, behind which are a dozen totally unpatched microsoft exchange server and a linux box running bind 8.0. Again, just my 2c. -- Gareth Ardron