Re: Why most run Microsoft, not RedHat

On Wednesday, April 25, 2007 6:18 am Ingemar Nilsson wrote:
> What is it that safe-mode does that makes it improve security in any
> meaningful way? According to the PHP developers, it is an ugly hack that
> doesn't bring any real security benefits, and is thus slated to be removed
> in the next major release of PHP.

The point of PHP's safe mode was not actually to improve security, but to 
improve the knowledge of those who wrote PHP programs.

The problem was, originally PHP would create variables with the names of the 
HTML elements they were originally taken from (<input type="text" 
name="test"> would become $test in PHP).  Most authors used this feature 
without thinking, because it was convenient.  But it allows for a bunch of 
serious attacks from the outside, especially if it is used in conjunction 
with database queries.

Safe mode causes those elements to not be registered, forcing the author to 
access the variables using the special superarrays ($_GET, $_POST, $_COOKIE, 
etc.), which prevents the aforementioned attacks.  They didn't just change it 
because it would have broken compatibility with older scripts; the general 
hope was that it would slowly be turned on over time.

At least, that's what I seem to recall.

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
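An added example, not from the original post, of the two patterns the post contrasts. The behaviour it describes (a form field named `test` appearing as `$test`) is what PHP's `register_globals` directive controlled; here it is emulated with `extract()` over a constructed request array rather than a live HTTP request, so the script runs from the command line. The `legacyCheck()` and `explicitCheck()` function names, the `users` table and the sample inputs are all assumptions made for the example; the in-memory SQLite database needs the `pdo_sqlite` extension.

```php
<?php
// Added example (not from the original post). Emulates request parameters
// becoming global variables, then shows the explicit superglobal form with a
// prepared statement. All inputs are constructed for the demonstration.

// Constructed request: a client supplies a username containing a quote and,
// on top of that, a parameter the script author never expected from outside.
$request = ['user' => "admin' OR '1'='1", 'authorized' => '1'];

// --- Legacy pattern (register_globals-style variable registration) ---
function legacyCheck(array $request): array
{
    $authorized = false;   // the author meant this to be set only after a real check
    extract($request);     // emulates register_globals: every request key becomes a variable
    // $authorized has now been overwritten with the client-supplied "1".
    // The string-built query also carries the unescaped quote straight into SQL.
    $sql = "SELECT * FROM users WHERE name = '$user'";
    return ['authorized' => (bool) $authorized, 'sql' => $sql];
}

// --- Explicit superglobal pattern ---
// Only the named key is read, it is coerced to a string, and it is bound as a
// parameter, so the quote in the value is just data to the database.
function explicitCheck(array $get, PDO $db): array
{
    $user = isset($get['user']) ? (string) $get['user'] : '';
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $user]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    // $authorized is derived from the lookup; nothing in the request can set it.
    $authorized = count($rows) === 1;
    return ['authorized' => $authorized, 'rows' => $rows];
}

// Constructed in-memory database standing in for the application's user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT)');
$db->exec("INSERT INTO users VALUES ('alice'), ('admin')");

// Legacy: authorized => true and a query with the injected clause.
var_dump(legacyCheck($request));
// Explicit: authorized => false, rows => [] (no user literally named "admin' OR '1'='1").
var_dump(explicitCheck($request, $db));
```

Run it with `php example.php`. In the first dump the client-controlled `authorized` value has replaced the author's initialiser, which is the variable-registration problem the post points at; in the second, the same request yields no match because the value is read from the request array by name and passed as a bound parameter.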

