Pierre Habouzit wrote: > there is no place for flames here ;p ;) > I don't what the point of that change is ... > what is your gain here ? Security in two scenarios: I have users who can upload via sftp/ftp, but not run anything on the server. I also have some sites and webapps, some of which I want to enable php on. However, I don't trust any of the users (current/future) with php access. Therefore it would be nice if the webapps worked with engine=off by default. I have a webapp that allows the public to upload stuff, which can be then downloaded again. I only want the scripts that handle this uploading to be executed, and not any of the files that get uploaded. Therefore it would be nice if the webapp worked with engine=off by default. There may be more I can't think of. -- bye, pabs
Attachment:
signature.asc
Description: This is a digitally signed message part