Rick Stevens <rstevens@xxxxxxxxxxxx> writes: > Especially if you set it to not run in safe mode so badly written PHP > programs can run. 'Tis better to run in safe mode and fix the bad code. > Yes, I've been down that road with our clients. My answer: "It runs in > safe mode. Fix your code." What is it that safe-mode does that makes it improve security in any meaningful way? According to the PHP developers, it is an ugly hack that doesn't bring any real security benefits, and is thus slated to be removed in the next major release of PHP. Many web hosting providers employ PHP with safe-mode, but it is rather useless since the actions it protects against can be performed by writing the scripts in Perl instead. Regards Ingemar
