ehm, maybe my english is not perfect but that's *exactly* what i meant
as well. i would tell customer x that if the site of customer y on the
same server would be compromised, the site of customer x would be
compromised as well. ;)
after most of the comments i've read so far i would say that bottom line
is: we give our customers a deadline until when they will have to
migrate to php5 and basta, like my italian co-worker would say. ;)
but actually this situation is more complicated than it seems. and there
is even another crazy solution to this whole fiasco. as i said in our
case there are only about a dozen websites which don't run at all on
php5, so i could create a vmware machine for each customer, so if their
site would be compromised, it wouldn't affect the others. but i mean,
that's overkill.
tomorrow morning i'll suggest both solutions to our customers, either
they try to migrate to php5 asap or they'll be hosted on a small
isolated php4 box along with other php4 sites (the risks will be made
perfectly clear to each and every customer being hosted on this server
and they would of course have to agree to these terms, in writing) which
might get them to reconsider migrating to php5. Or as a last resort the
vmware solution which would be the most expensive one, and i guess this
might also help them to reconsider migration to php5.
Andrew Gaffney wrote:
Lindsay Haisley wrote:
On Tue, 2008-01-22 at 21:22 +0100, Yves Thommes wrote:
if one of the sites on the server is compromised we can't gurantee
the integrity of their data/website.
It's far worse than this. If one of the sites on the server is
compromised then you can't guarantee the integrity of _any_ data/website
on that server.
In the former case, it would be _their_ business decision, but this
really makes it yours.
I was waiting for somebody to point this out. You continuing to run
PHP4 on any of your servers makes *you* liable for damage to other
customers' sites. Explain *that* to your management. That possibility
should alone outweigh the cost of losing a few customers who don't
want to migrate their stuff to PHP5.
--
[email protected] mailing list
