|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35308 Suggestions for improving security note documentation
Submitted: 2005-11-21 06:34 UTC Modified: 2008-03-19 13:36 UTC
From: cjbj at hotmail dot com Assigned:
Status: Wont fix Package: Website problem
PHP Version: Irrelevant OS: n/a
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: cjbj at hotmail dot com
New email:
PHP Version: OS:


 [2005-11-21 06:34 UTC] cjbj at hotmail dot com
The phrasing in has caused
confusion in at least one database administrator's mind about the
safeness of PHP.  See
for one report of confusion.

Can the fourth paragraph of the security note be modied to read

    For Local exploits we mostly hear about open_basedir or
    safemode problems on shared virtual hosts.  These two
    features are there as a convenience to system administrators
    and should in no way be thought of as a complete security
    framework.  With all the 3rd-party libraries you can hook
    into PHP and all the creative ways you can trick these
    libraries into accessing files, it is impossible to guarantee
    security with these directives.  The CURL extension is a
    library that allows local file system access despite the
    value of open_basedir.  Another example is that Oracle
    Database can be configured to allow local files to be loaded
    into the database.  Access control is handled by Oracle and
    is not under control of PHP.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2007-01-07 08:30 UTC]
Reclassified as documentation problem.
 [2007-08-20 13:07 UTC]
This page is not a part of Documentation.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jul 16 00:01:27 2024 UTC