Subject: Re: [PHP-DEV] Comments on PHP security
From: ilia@prohost.org (Ilia Alshanetsky)
Date: Thu, 11 Jan 2007 12:01:52 -0500
To: Mark Krenz
Cc: Alain Williams, Stefan Esser, Rasmus Lerdorf, internals@lists.php.net, kel@securityfocus.com

Safe mode does suck, and it is utterly useless; anyone who knows PHP internals will happily tell you that.

On 11-Jan-07, at 11:25 AM, Mark Krenz wrote:

> On Thu, Jan 11, 2007 at 04:17:31PM GMT, Alain Williams [addw@phcomp.co.uk] said the following:
>> On Thu, Jan 11, 2007 at 05:04:30PM +0100, Stefan Esser wrote:
>>
>>> PS: Stop the "We are secure" marketing and face reality
>>
>> More to the point: ''We might be secure because we are careful
>> experienced programmers'',
>> however many of those who write in PHP are not careful and/or
>> experienced, we should
>> be looking to help those people - there are more of them than there
>> are of us.
>>
>
> And for the programmers that write programs that require safe mode to
> be off or don't provide a provision for having it on. STOP telling your
> users things like "If your webhost has safe mode on then they suck".
> Safe mode is the only way to get around certain situations. Get a clue.
> You know who you are.
>
> Somehow I doubt any of these said programmers are on this list. Shame.
>
> Mark
>
> --
> Mark S. Krenz
> IT Director
> Suso Technology Services, Inc.
> http://suso.org/

Ilia Alshanetsky