 Posted by hansBKK on 04/06/07 11:44 
Here's a maybe provocative but certainly unequivocal statement from a lead  
tech at a hosting company, whose opinion on technical matters I've come to  
value: 
 
 
> I've managed well over 2000 servers running apache/php within the past
> few years and never once had a server compromised at root level.

> I didn't use safe_mode and had php installed as an apache module on all
> of them. I did secure things like kernels, firewalls and utilise other
> security features of my own making.

> There is no point in providing a php service and not letting customers
> use the most of it :) Security is layered and we have no security issues
> really at all, sure the odd client scripts get exploited, but they don't
> affect the whole server.

> The rule for me is, if you get your scripts broken into, shame on you, if
> we get our servers rooted, then shame on me :) It's not happened thus far
> and I don't intend it to either :)
 
 
Makes sense to me!
 