>For example, allowing users to upload and execute any C executable file to a >public web server can prove to be quite dangerous. > >I think the same can be said for allowing PHP on a public web server, you >have just allowed anyone with a website to compromise the entire machine. I think the relevant maxim is "It's possible to write PHP in any language" ... >As a threat to the internet in whole, don't you think these public php >enabled web servers pose an high risk? I think that any ability of the (l)users to expose executables as web services threatens the security of the web server machine, irrespective of programming language. (But I don't see how it threatens "the internet" -- they can already connect their own misconfigured machine to the net directly)
