Newsgroups: php.internals
Date: Fri, 19 Mar 2004 13:05:03 -0800 (PST)
From: rasmus@php.net (Rasmus Lerdorf)
To: Ilia Alshanetsky
Cc: internals@lists.php.net, boulat@funio.com
Subject: Re: [PHP-DEV] new security related directive for php-4.3.4

On Fri, 19 Mar 2004, Ilia Alshanetsky wrote:
> As for Rasmus' idea of adding various options and possibly regular expression.
> open_basedir works right now with a minimum amount of overhead in most
> situations. Which still makes the file operations a fair bit slower, but
> certainly acceptable loss given the security benefits. However, adding more
> options, that would make open_basedir resolving quite a bit slower will
> quickly tip the scales in favor of performance. With complex file system
> operation checks, you certainly will not be able to host anywhere near 3000
> users.

If you are using open_basedir at all, you have already given up all hope
of any sort of performance.

-Rasmus