G'day Peter,

There is a new feature in PHP 4.0.1 where the ISP can shut down any function of
PHP from within the php.ini file.

It's weird that they allow "CGI" but not PHP. You can get just as malicious with
Perl as you can with PHP. Of course, they should be running the CGI under suEXEC
so you only get the rights of your user anyway.

Matta

Peter Faulks wrote:
> 
> G'day Sluggers,
> 
> I've been offered a job to write a CGI programme.
> 
> The client's ISP has a company policy against the use of PHP.
> Are there known security issues with PHP?
> 
> Also, are there any security issues with fast cgi (Apache/mysql)?
> I had a quick look at the source, it seems to me there are a few
> places where buffer overrun could be induced, but I haven't really
> had a good look yet.
> 
> I like the concept of fast cgi, i.e. no database connect/disconnect
> every time a cgi request comes in, but I hear fast cgi hasn't really
> taken off. Comments?
> 
> Regards
> 
> 'The day Microsoft makes something that doesn't suck is the day
>   they start making vacuum cleaners.'
> 
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug

-- 
Matt Allen                                      Linux/PHP eCommerce Solutions
Linux Worx                                      Linux Networking
www.linuxworx.com.au                            Consulting
[EMAIL PROTECTED]                           
0413 777 771
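
The php.ini feature mentioned in the reply above is the `disable_functions` directive. As an added example (not part of the original thread), this Python check reads a php.ini and reports which process-spawning functions are still enabled; the required list, the last-assignment-wins handling and the sample php.ini are assumptions constructed for illustration.

```python
import re

# Assumed hosting policy (illustrative): PHP functions that start external processes.
REQUIRED_DISABLED = {"exec", "system", "passthru", "shell_exec", "popen", "proc_open"}

# Directive names in php.ini are case sensitive, so match the name exactly.
_DIRECTIVE = re.compile(r"^\s*disable_functions\s*=\s*(.*)$")


def parse_disable_functions(ini_text):
    """Return the set of function names listed in disable_functions."""
    value = ""
    for line in ini_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(";"):
            continue  # blank line or a commented-out directive
        match = _DIRECTIVE.match(line)
        if match:
            value = match.group(1)  # assumption: the last assignment is the effective one
    # Drop a trailing "; comment" and surrounding quotes, then split the comma list.
    value = value.split(";", 1)[0].strip().strip("\"'")
    # Names are compared exactly as written in the file.
    return {name.strip() for name in value.split(",") if name.strip()}


def audit(ini_text, required=REQUIRED_DISABLED):
    """Return the required functions that the php.ini text leaves enabled."""
    return sorted(set(required) - parse_disable_functions(ini_text))


# Constructed sample: the full list is commented out, the active line is partial.
SAMPLE_INI = """\
[PHP]
; disable_functions = exec,system,passthru,shell_exec,popen,proc_open
engine = On
disable_functions = "exec, system , passthru"   ; set by the hosting provider
"""

if __name__ == "__main__":
    missing = audit(SAMPLE_INI)
    if missing:
        print("still enabled:", ", ".join(missing))
    else:
        print("all required functions are disabled")
```

Disabling functions narrows what a script can call; it does not replace running each customer's code under their own user, as the reply notes for suEXEC.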

