Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:16950
Return-Path: <nelson@crynwr.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 15864 invoked by uid 1010); 28 Jun 2005 03:22:22 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 15849 invoked from network); 28 Jun 2005 03:22:22 -0000
Received: from unknown (HELO crynwr.com) (127.0.0.1)
  by localhost with SMTP; 28 Jun 2005 03:22:22 -0000
X-Host-Fingerprint: 192.203.178.14 ns1.crynwr.com Linux 2.0.3x (1)
Received: from ([192.203.178.14:1678] helo=ns1.crynwr.com)
	by pb1.pair.com (ecelerity 1.2 r(5656M)) with SMTP
	id 85/27-00424-E62C0C24 for <internals@lists.php.net>; Mon, 27 Jun 2005 23:22:22 -0400
Received: (qmail 13650 invoked from network); 28 Jun 2005 03:22:17 -0000
Received: from dpc6745223014.direcpc.com (HELO desk.crynwr.com) (67.45.223.14)
	by pdam.crynwr.com with SMTP; 28 Jun 2005 03:22:17 -0000
Received: (qmail 14938 invoked by uid 500); 28 Jun 2005 03:21:31 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=dog; d=crynwr.com;
	b=BdIoUkfKvpR1ZF0Oqcl7E23Gf8tl8TW/8EsgbSifjP8YZwibKko0hOm49EPISci3  ;
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <17088.49723.532833.693725@desk.crynwr.com>
Date: Mon, 27 Jun 2005 23:21:31 -0400
To: internals@lists.php.net
In-Reply-To: <6C.55.22648.2627CB24@pb1.pair.com>
References: <20050624055017.25065.qmail@desk.crynwr.com>
	<6C.55.22648.2627CB24@pb1.pair.com>
X-Mailer: VM 7.17 under 21.4 (patch 17) "Jumbo Shrimp" XEmacs Lucid
Subject: Re: [PHP-DEV] Re: 'include' Considered Harmful
From: nelson@crynwr.com (Russell Nelson)

Unknown W. Brackets writes:
 > Why not simply disable allow_url_fopen on your server or servers?

Why don't people do that?  Obviously ... they don't.

If you have no other answer than "Maybe they don't care about
security, maybe they're stupid, maybe they're native", then may I
suggest that the problem is intrinsic to 'include'?

-- 
--My blog is at     blog.russnelson.com         | If you want to find
Crynwr sells support for free software  | PGPok | injustice in economic
521 Pleasant Valley Rd. | +1 315-323-1241       | affairs, look for the
Potsdam, NY 13676-3213  |                       | hand of a legislator.