Re: Re: [RFC][DISCUSSION] script() and script_once()

From:	Leigh	Date:	Thu, 05 Feb 2015 10:51:42 +0000
Subject:	Re: Re: [RFC][DISCUSSION] script() and script_once()
References:	1 2 3 4 5 6 7 8	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

On 5 February 2015 at 10:24, Pierre Joye <[email protected]> wrote:
> I do understand what you try to achieve, from all point of view.
> However I strongly disagree with this as a security improvement. I see
> this more as yet another attempt to replace what should be done at the
> OS level.
>

I'm inclined to agree, this is just another mitigation against a
specific vector, not a solution. I'm sure given a little bit of time a
way to bypass it will be found.

Also introducing this in PHP 7 will not fix all of the currently
broken apps, nor will it get people to start using this method even if
they do upgrade to PHP 7.

I honestly think this is one of the cases where education is better .


   

Thread (31 messages)

• Yasuo OhgakiThu, 05 Feb 2015 01:53:10 +0000
  • Yasuo OhgakiThu, 05 Feb 2015 02:03:46 +0000Re: [RFC][DISCUSSION] script() and script_once()
    • reezeThu, 05 Feb 2015 04:38:13 +0000Re: Re: [RFC][DISCUSSION] script() and script_once()
      • Yasuo OhgakiThu, 05 Feb 2015 05:06:45 +0000
        • Adam HarveyThu, 05 Feb 2015 05:37:15 +0000
          • LeighThu, 05 Feb 2015 08:31:38 +0000
            • Yasuo OhgakiThu, 05 Feb 2015 10:20:53 +0000
              • Pierre JoyeThu, 05 Feb 2015 10:24:41 +0000
                • Yasuo OhgakiThu, 05 Feb 2015 10:47:05 +0000
                  • Pierre JoyeThu, 05 Feb 2015 11:49:20 +0000
                    • Yasuo OhgakiFri, 06 Feb 2015 01:25:43 +0000
                      • Pierre JoyeFri, 06 Feb 2015 01:39:06 +0000
                        • Yasuo OhgakiFri, 06 Feb 2015 02:07:39 +0000
                          • Pierre JoyeFri, 06 Feb 2015 02:13:13 +0000
                            • Yasuo OhgakiFri, 06 Feb 2015 03:33:29 +0000
                              • Pierre JoyeFri, 06 Feb 2015 03:40:55 +0000
                                • Yasuo OhgakiFri, 06 Feb 2015 04:08:46 +0000
                                  • Pierre JoyeFri, 06 Feb 2015 04:16:29 +0000
                                    • Yasuo OhgakiFri, 06 Feb 2015 04:35:11 +0000
                                      • Yasuo OhgakiFri, 06 Feb 2015 04:50:20 +0000
                                      • Pierre JoyeFri, 06 Feb 2015 04:52:44 +0000
                                        • Yasuo OhgakiFri, 06 Feb 2015 05:01:44 +0000
                                          • Lester CaineFri, 06 Feb 2015 08:30:15 +0000
                                            • Yasuo OhgakiFri, 06 Feb 2015 10:11:33 +0000
                • LeighThu, 05 Feb 2015 10:51:42 +0000
                  • Yasuo OhgakiThu, 05 Feb 2015 10:56:57 +0000
                • Yasuo OhgakiThu, 05 Feb 2015 10:52:04 +0000
        • François LaupretreThu, 05 Feb 2015 09:33:34 +0000RE: [PHP-DEV] Re: [RFC][DISCUSSION] script() and script_once()
  • Pierre JoyeThu, 05 Feb 2015 06:05:40 +0000
    • Martin KeckeisThu, 05 Feb 2015 08:55:48 +0000
  • Michael WallnerThu, 05 Feb 2015 09:47:32 +0000