Per Jessen wrote:
Eric Butera wrote:

You should never use exec & friends when there is another way around
the problem.  It is a security concern.

Why is it a security concern to execute another bit of code? I really fail to see any security concern in doing e.g.
exec('gzip -c /tmp/myinputfile')

Do that per request and it becomes a lot easier to DoS the server. Not a 'security' risk so much as a stability risk, but a risk all the same.

Personally I avoid firing up new processes from a web server - there are just too many things that can go wrong, but you're free to take whatever risks you want with your servers and clients.

-Stut

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
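
An added example, not part of the original thread: the `exec('gzip -c /tmp/myinputfile')` call discussed above done in-process with PHP's zlib extension, so no new process is started per request. The helper name `gzip_stream`, the 16 MiB input cap and the sample data are assumptions made for this sketch; it needs ext/zlib and PHP 7.0 or later.

```php
<?php
// Added example: hypothetical helper, not code from the thread.
// Gzip a file inside the PHP worker instead of spawning gzip via exec().
// $maxBytes is an assumed per-request cap so a single request cannot
// keep the worker busy on an arbitrarily large input.
function gzip_stream(string $inPath, $out, int $maxBytes = 16777216): int
{
    $in = fopen($inPath, 'rb');
    if ($in === false) {
        throw new RuntimeException("cannot open $inPath");
    }
    $ctx = deflate_init(ZLIB_ENCODING_GZIP, ['level' => 6]);
    if ($ctx === false) {
        fclose($in);
        throw new RuntimeException('deflate_init failed');
    }
    $read = 0;
    $written = 0;
    try {
        while (!feof($in)) {
            $chunk = fread($in, 65536);          // fixed-size chunks, bounded memory
            if ($chunk === false) {
                throw new RuntimeException('read error');
            }
            $read += strlen($chunk);
            if ($read > $maxBytes) {
                throw new LengthException('input exceeds cap');
            }
            $written += fwrite($out, deflate_add($ctx, $chunk, ZLIB_NO_FLUSH));
        }
        // Flush the remaining compressed data and the gzip trailer.
        $written += fwrite($out, deflate_add($ctx, '', ZLIB_FINISH));
    } finally {
        fclose($in);
    }
    return $written;
}

// Constructed sample input so the block runs offline.
$src = tempnam(sys_get_temp_dir(), 'gz');
file_put_contents($src, str_repeat("constructed sample line\n", 1000));
$dst = fopen('php://memory', 'w+b');
$n = gzip_stream($src, $dst);
rewind($dst);
// Round-trip check: decompressed output must equal the original file.
var_dump(gzdecode(stream_get_contents($dst)) === file_get_contents($src));
unlink($src);
```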
