Re: [PHP] Web host withdraws support for PHP extensions - supposed secuity risks
On Tue, Aug 13, 2002 at 10:10:45PM +0100, Alan Hale wrote: > My Web hosting company has just withdrawn (with no notice) support for PHP > extensions on the grounds they represent security risks and they don't wish > to spend time and effort in evaluating and compensating for those risks. > > I'd welcome views on how reasonable this is. > > The extension I'm mainly concerned about is GD, which I rely on for > interactive mapping functionality. I find it hard to see how this is a > security risk, but I'm no expert and prepared to be enlightened. > I could host you if interested. Check http://www.nk.ca . > Many thanks > > Alan Hale > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.381 / Virus Database: 214 - Release Date: 02/08/2002 > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- Member - Liberal International On 11 Sept 2001 the WORLD was violated. This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] Society MUST be saved! Extremists must dissolve. Beware of defining as intelligent only those who share your opinions -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Web host withdraws support for PHP extensions - supposed secuity risks
Alan -- ...and then Alan Hale said... % % My Web hosting company has just withdrawn (with no notice) support for PHP % extensions on the grounds they represent security risks and they don't wish % to spend time and effort in evaluating and compensating for those risks. That, and particularly the "no notice" part, sure sounds lame. % % I'd welcome views on how reasonable this is. Hmmm... Is it a risk? Well, theoretically everything is a risk; they might as well just shut down their servers now since they don't want to compensate for risks. And anything can be buggy, too, so they'd better wipe those disks clean of any nasty utilities, servers, or operating systems. I guess whether or not it's reasonable depends on what they want their business to do. If they want to serve FrontPage web clients and perhaps a little bit of POP3 email, they don't need php. They don't need apache for that matter, either, since it's all configurable and dangerous and everything. HTH & HAND :-D -- David T-G * It's easier to fight for one's principles (play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie (work) [EMAIL PROTECTED] http://www.justpickone.org/davidtg/Shpx gur Pbzzhavpngvbaf Qrprapl Npg! msg75397/pgp0.pgp Description: PGP signature
[PHP] Web host withdraws support for PHP extensions - supposed secuity risks
My Web hosting company has just withdrawn (with no notice) support for PHP extensions on the grounds they represent security risks and they don't wish to spend time and effort in evaluating and compensating for those risks. I'd welcome views on how reasonable this is. The extension I'm mainly concerned about is GD, which I rely on for interactive mapping functionality. I find it hard to see how this is a security risk, but I'm no expert and prepared to be enlightened. Many thanks Alan Hale --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 02/08/2002 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php