Newsgroups: php.internals
Message-ID: <63849.66.158.132.127.1079731711.squirrel@www.funio.com>
In-Reply-To: <200403191609.28127.ilia@prohost.org>
References: <61700.66.158.132.127.1079718509.squirrel@www.funio.com> <200403191602.17011.ilia@prohost.org> <200403191609.28127.ilia@prohost.org>
Date: Fri, 19 Mar 2004 16:28:31 -0500 (EST)
From: boulat@funio.com
To: ilia@prohost.org, rasmus@php.net
Cc: internals@lists.php.net
Subject: Re: [PHP-DEV] new security related directive for php-4.3.4

> On March 19, 2004 04:05 pm, you wrote:
>> If you are using open_basedir at all, you have already given up all hope
>> of any sort of performance.
>
> Certainly, but this would make the existing situation much worse than it
> already is. Ideally fastcgi or ap2 should be used where it is possible to
> make the web server processes run under the user's account hence avoiding
> the need for open_basedir, safe_mode, etc... altogether.

So then, following your logic, why not remove open_basedir, safe_mode, etc. altogether from PHP, just to increase the performance?

However, if you do decide to keep those since "the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode" why not improve open_basedir, safe_mode, etc. security options, making PHP even more popular and robust?

Cheers,
Boulat.

>
> Ilia
>