openbsd-ports/www/php4/pkg/SECURITY

A couple of minor changes have been made to PHP's
default installation to make it more secure.

1) Temporary files have greater randomness in their names.

2) URL fopen is OFF by default, as this functionality is
   easily exploitable for many common PHP scripts out there.
   Turning it off by default does not affect 99% of users,
   and turns remote exploits into local ones.

The source has not otherwise been audited.  If you do so,
please contact the maintainer(s) below.

--
Anil Madhavapeddy, <avsm@openbsd.org>
$OpenBSD: SECURITY,v 1.1 2001/12/18 01:40:48 avsm Exp $
Update to php4-4.1.0 Not much response to my post to ports@ asking for testing, so there will probably be some breakage in the more obscure flavors and non-x86 arches. 2001-12-17 20:40:48 -05:00			`A couple of minor changes have been made to PHP's`
			`default installation to make it more secure.`

			`1) Temporary files have greater randomness in their names.`

			`2) URL fopen is OFF by default, as this functionality is`
			`easily exploitable for many common PHP scripts out there.`
			`Turning it off by default does not affect 99% of users,`
			`and turns remote exploits into local ones.`

			`The source has not otherwise been audited. If you do so,`
			`please contact the maintainer(s) below.`

			`--`
			`Anil Madhavapeddy, <avsm@openbsd.org>`
			$OpenBSD: SECURITY,v 1.1 2001/12/18 01:40:48 avsm Exp $