|
|
Posted by Stut on 07/01/05 23:48
On 01/07/05, Andrew Scott <andrews@cmstransport.com.au> wrote:
> Stut,
>
> FYI here is a copy of the text after installing php.
<snip>
> Warning
>
> Be aware, that this setup of PHP is not secure. If you would like to
> have a secure PHP setup, you'd better go on the manual way, and set
> every option carefully. This automatically working setup gives you an
> instantly working PHP installation, but it is not meant to be used on
> online servers.
Ok, now I see the root of your comment. Maybe it's just me but I never
assume that any automatic installation will create a secure
environment. The reason for that is that the installer cannot possibly
know what it needs to do to make the system secure - that's what
sysadmins are for.
I must also point out that a system that used this installer to set up
PHP can be secured in exactly the same way as any other in much the
same way as anyone doing it manually can create a setup that is less
secure than using the installer to do it for them.
So, I was technically wrong but IMHO the point is flawed since nothing
should be assumed to be secure out of the box. With that convenient
diversion hopefully settled you are still yet to convince me that CF
offers any significant advantage over PHP.
-Stut
Navigation:
[Reply to this message]
|