Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:31921 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 99231 invoked by uid 1010); 26 Aug 2007 23:59:57 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 99215 invoked from network); 26 Aug 2007 23:59:57 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 26 Aug 2007 23:59:57 -0000 Authentication-Results: pb1.pair.com header.from=judas.iscariote@gmail.com; sender-id=pass; domainkeys=bad Authentication-Results: pb1.pair.com smtp.mail=judas.iscariote@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 64.233.162.230 as permitted sender) DomainKey-Status: bad X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01 X-PHP-List-Original-Sender: judas.iscariote@gmail.com X-Host-Fingerprint: 64.233.162.230 nz-out-0506.google.com Received: from [64.233.162.230] ([64.233.162.230:49313] helo=nz-out-0506.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 38/70-13657-BF312D64 for ; Sun, 26 Aug 2007 19:59:56 -0400 Received: by nz-out-0506.google.com with SMTP id x7so916181nzc for ; Sun, 26 Aug 2007 16:59:53 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=UcWw39NqKIKL8fw46o+siGC7R75L0El5Q18xtVApLkevw7DxAWcww9SO6VkW3Z/wcmlqLgOg1Ufxi/xJFaJaTk8lF8pIzm7HBrb8AnP/xw8FrmJD4YSmJcClYnRWVf+1TvZ1s5Gf4yvv/ar3gdza0nLa3IHC02gnDWKC/CtUm90= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=hlYMOIiRXE/9poHiWjLKLNvo/nM35ihEirX3yrSaDnH1O4HBwoxNDlJka9awfOI5sghZ8n/tjkTy5mKiRk4SVXdOb6nSKpmvxqnvsbU98vsXCwC/G0jF1ugN5xhCuYzGdMWzyL4n8rsdkMIWdzD8E85bTd8UewTE1yXK9D4VwWo= Received: by 10.142.108.14 with SMTP id g14mr483190wfc.1188172792311; Sun, 26 Aug 2007 16:59:52 -0700 (PDT) Received: by 10.142.84.16 with HTTP; Sun, 26 Aug 2007 16:59:52 -0700 (PDT) Message-ID: <7d5a202f0708261659v4300d331oce7357f4c3b6c019@mail.gmail.com> Date: Sun, 26 Aug 2007 19:59:52 -0400 To: internals@lists.php.net In-Reply-To: <20070826193146.GQ16782@arvo.suso.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20070826193146.GQ16782@arvo.suso.org> Subject: Re: [PHP-DEV] Safe mode being removed in PHP6? From: judas.iscariote@gmail.com ("Cristian Rodriguez") On 8/26/07, Mark Krenz wrote: > So what is the plan for increasing the security of PHP rather than > decreasing it? The plan is probably increasing the security of PHP, and removing safe_mode is an step to do that, false sense of security is worst than no security at all, unfortunately there are lot of people that believes in the myth that safe_mode actually provides security... safe_mode is one of the worst, ill-concieved "features" of PHP and Im glad to see last of it. No, it does not work the way you expect, Ilia has an interesting article about this see http://ilia.ws/archives/18-PHPs-safe_mode-or-how-not-to-implement-security.html > > -- http://www.kissofjudas.net/