[BlueOnyx:19765] Re: Enabling the rewrite module in Apache config

[Michael Stauber]

Hi all,

Greg wrote:
> The biggest risk in my opinion relates to open_basedir.

That and "allow_url_fopen" and "allow_url_include", which are fruit of
the poison tree. If these are on, all bets of server integrity are off.
A vulnerable script can then be tricked into including remotely hosted
PHP code and executing it as if it were part of the original PHP
application that you host.

-- 
With best regards

Michael Stauber