paul dansing <[EMAIL PROTECTED]> wrote: > php is required in order to use many of the more mature web > applications such as forum software. i run apache chroot, use > modsecurity, and use ipf to limit the www user. a tight systrace > policy might help but not very much incremental gain. everyone says > php is a security breach waiting to happen, so what else can i do if i > want to use these large apps without rewriting them from scratch in > another language?
There is in fact mature web software out there that's not written in PHP. Just as an example: http://www.gossamer-threads.com/ You can probably find free (no $$$) stuff also if you poke around a bit. The real problem is that PHP (and MySQL too) is ubiquitous, whereas you'll be hard-pressed to find web hosts who offer accounts with mod_perl, fastcgi, or postgresql. They exist, but they're just not as common, and they tend to charge more than $4.99/mo. Then again, it sounds like you're running your own OpenBSD server, so this probably isn't an issue... -- Stephen Takacs <[EMAIL PROTECTED]> http://perlguru.net/ 4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA