[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Document the bug fix policy regarding PHP Safe Mode

Florian Weimer <fw@deneb.enyo.de> wrote:
> <p>This decision is based on the on two observations: Most PHP users
> are small-scale users, not service providers.  As a result, they do
> not have to deal with the challenge of multiple users who need to
> write PHP scripts which run on the web server, but do not trust each
> other. [...]

Where does this observation come from and do we know whether it's
true for debian? I certainly know a higher proportion of multi-user
servers with PHP installed than the proportion of desktop systems
I know with PHP.

> <p>Of course, it is possible to enable Safe Mode as an additional
> layer of defense.  However, as the only layer, it is far too weak.</p>

It is possible to use this layer, but not very convenient if
debian-packaged PHP apps won't run safely in Safe Mode.

MJ Ray (slef), K. Lynn, England, email see http://mjr.towers.org.uk/

Reply to: