Why most run Microsoft, not RedHat
Ingemar Nilsson
init at pdc.kth.se
Wed Apr 25 10:18:37 UTC 2007
Rick Stevens <rstevens at internap.com> writes:
> Especially if you set it to not run in safe mode so badly written PHP
> programs can run. 'Tis better to run in safe mode and fix the bad code.
> Yes, I've been down that road with our clients. My answer: "It runs in
> safe mode. Fix your code."
What is it that safe-mode does that makes it improve security in any
meaningful way? According to the PHP developers, it is an ugly hack that
doesn't bring any real security benefits, and is thus slated to be removed
in the next major release of PHP.
Many web hosting providers employ PHP with safe-mode, but it is rather
useless since the actions it protects against can be performed by writing
the scripts in Perl instead.
Regards
Ingemar
More information about the fedora-list
mailing list