
Open_basedir confusion

February 15th, 2007

From time to time I get asked why I recommend enabling open_basedir while at the same time calling it a solution that is flawed by design. This is a fair question, because an untrained PHP user might be confused by it and might believe that I change my opinion on a daily basis.
When looking at open_basedir, one has to realise that it was designed to stop PHP scripts from accessing files outside the open_basedir restrictions. I have demonstrated in the past that this is not safe and cannot be made safe, because the design is unfixably flawed: third-party libraries access the files themselves, bypassing the check. Demonstrated here.
On the other hand, one has to look at the greater picture. Security vulnerabilities will always exist, and therefore the server setup has to be hardened against attacks. Suhosin exists merely because of the reality that there will always be vulnerable [...]

Original post by blog-admin@nopiracy.de (Stefan Esser)

PHP security