-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yves Thommes wrote: > finally it's our responsibility to keep the sites running and > secure
PHP4 doesn't just pose security threat to a particular web app, but the machine or even the cluster it runs on, one buggy php4 version or php4 application can potentially take down the entire cluster. As I've said before, if they insist on running PHP4, then the only logical solution will be to run PHP4 on it's own cluster, so when it's hacked, the damage is contained. If the additional cost of such a solution cannot be covered by the customers insist on running PHP4, then the responsible solution is to drop support of PHP4, in interest of other customers who do want to go for the more secure solution, they should not be punished by those who insist on staying php4. - -- Joe - -- A computer scientist is someone who, when told "go to hell", considers the "go to" harmful rather than the destination. GnuPG Key: 0xB14661D9 GnuPG FP: DE08 57AE A1AD 620C 02AA CCDD 611B 63AC B146 61D9 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) iD8DBQFHloOJYRtjrLFGYdkRAgJVAJkBCjvbrXzry69xMmL1rKl19NNqUgCg1gph sOWQEniwflNLyEzVpABPWrs= =SiWm -----END PGP SIGNATURE----- -- [email protected] mailing list
