Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:20350 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 91144 invoked by uid 1010); 25 Nov 2005 09:52:51 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 91129 invoked from network); 25 Nov 2005 09:52:51 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Nov 2005 09:52:51 -0000 X-Host-Fingerprint: 195.227.108.51 wfserver02.wf-ppr.de Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) Received: from ([195.227.108.51:54045] helo=wfserver02.wf-ppr.de) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP id 9E/62-56276-3FED6834 for ; Fri, 25 Nov 2005 04:52:51 -0500 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Date: Fri, 25 Nov 2005 10:52:47 +0100 Message-ID: <00A2E2156BEE8446A81C8881AE117F192C1CF7@companyweb> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [PHP-DEV] Re: PDM Meeting Notes Thread-Index: AcXxXZVmQw64f4dGTqGkNzzfiYyxAgASEoSw To: "Sara Golemon" , Subject: AW: [PHP-DEV] Re: PDM Meeting Notes From: mp@webfactory.de ("Matthias Pigulla") > > Well, safe_mode could prevent someone of doing a shell_exec("cat=20 > > /home/otheruser/web/config.php"); open_basedir can't do the same=20 > > thing. > >=20 > disabled_functions=3Dshell_exec, etc.... But safe_mode is more safe because it disables these functions altogether? It's difficult to maintain a complete list of "bad" functions in php.ini. -mp.