Re: Option to disable php://filter URL

To: gdt%lexort.com@localhost (Greg Troxel), jlmuir%imca-cat.org@localhost (J. Lewis Muir)
Subject: Re: Option to disable php://filter URL
From: manu%netbsd.org@localhost (Emmanuel Dreyfus)
Date: Thu, 12 Jul 2018 03:16:10 +0200

Greg Troxel <gdt%lexort.com@localhost> wrote:

> A good point.  Did you file a bug upstream?  Is the issue that you think
> it's unsafe and they think it's a feature?

Obviously PHP offers it as a feature. The problem is that when you look
at existing software, the feature goes way beyond what most developers
expected, hence it generates security problems.

If you lookup php://filter attack with your favourite search engine, you
will find that the topic is discussed a lot.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost

Follow-Ups:
- Re: Option to disable php://filter URL
  - From: Greg Troxel

References:
- Re: Option to disable php://filter URL
  - From: Greg Troxel

Prev by Date: daily pkgsrc CVS update output
Next by Date: Re: Option to disable php://filter URL
Previous by Thread: Re: Option to disable php://filter URL
Next by Thread: Re: Option to disable php://filter URL
Indexes:

Home | Main Index | Thread Index | Old Index