|
|
|
|
|
|
by bdg
3868 days ago
|
|
|
Hey, a few months ago you might recall I was working on https://twitter.com/rumpkernel/status/623320639097712640 (I go by a different user name on hackernews). The core issue with PHP is that most applications think they can just drop files in all sorts of places depending on what page was requested and to what user is logged in and what the state of the database was... and it always depends on what the application is. Some of these files are user uploads, logs, or cache for performance sake (more conflicting here is that PHP will cache op codes into memory based on the filesystem structure). It's also pretty common to see exploits where an attacker injects code into a PHP file, so making a subset of this immutable would be a big win IMO when talking to business and IT about the list of reasons I would use this in production. |
|
|
Hop on to irc again some day or start a thread on the mailing list, and we can brainstorm about the best solution.