Posted by Jerry Stuckle on 01/03/08 13:01

Michael Fesser wrote:
> .oO(Jerry Stuckle)
>
>> Michael Fesser wrote:
>>> There are reasons for running PHP as CGI/FastCGI, especially on a shared
>>> server, where security should be more important than performance. And on
>>> an Apache the $_SERVER['DOCUMENT_ROOT'] is available even with PHP/CGI.
>> With correct configuration of the virtual host, PHP is secure, even as a
>> module.
>>
>> But some hosts just don't know how to configure it properly.
>
> I was not referring to safe_mode, open_basedir or similar restrictions
> (an enabled safe_mode for example would be a reason for _me_ to change
> host), but to the execution of scripts under the name and with the
> permissions of the script owner.
>
> Micha
>

I understand. And with appropriate configuration, PHP is quite secure.

But some people don't know how to configure it properly.

And a disabled safe_mode would be reason for _me_ to change hosts.
Someone so lax on security shouldn't be in business.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

• Next in forum: Re: Post with redirect?
• Prev in forum: Re: Usability Job Opportunities
• Thread view: Re: Relative paths in require_once problem (possibly all include routines)

[Reply to this message]