Newsgroups: php.internals
Message-ID: <527AAA31.707@oracle.com>
Date: Wed, 06 Nov 2013 12:44:33 -0800
To: internals@lists.php.net
References: <60B9BBE0-BC3F-490A-AD78-9EBC22C808CF@googlemail.com>
Subject: Re: [PHP-DEV] CLI Web Server customization
From: christopher.jones@oracle.com (Christopher Jones)

On 11/06/2013 12:00 PM, Yasuo Ohgaki wrote:
> Hi Adam,
>
> On Thu, Nov 7, 2013 at 1:45 AM, Adam Harvey wrote:
>
>> My recollection of the discussion at the time was that part of the
>> reasoning behind that note was security: the CLI server was a new
>> piece of code, and the public Internet is a pretty hostile place,
>> particularly for Web servers. Therefore the intention was to
>> discourage users from exposing the CLI server on anything other than
>> loopback and private networks.
>>
>> It doesn't sound like that's a problem for Kevin, but I'm pretty sure
>> that was part of the context there.
>>
>
> I agree.
>
> There was a security issue in the CLI server, in fact.
> Current documentation is too much. IMHO.
> It may be a good time to modify our doc a little.
>
> Any objection to making the security warning a note
> that discourages use on the internet?

One reason for suggesting it is only for limited use is so that users
don't expect it to be (or to become) a fully featured web server.

Chris

-- 
christopher.jones@oracle.com http://twitter.com/ghrd
Free PHP & Oracle book:
http://www.oracle.com/technetwork/topics/php/underground-php-oracle-manual-098250.html