Quoting Bill Broadley ([email protected]): > >Does anyone know any downsides to using the webtatic PHP packages on > >CentOS 6? > > I've seen many machines with ugly configurations related to cpanel, > custom php installs (sometimes more than one), and fragile very hard > to reproduce apache configurations. > > Although I guess I shouldn't complain, they get hacked and I get consulting.
(Sadly, this won't answer Dr. Ozeran's question, either:) I've lately come to the conclusion, from many years as a Linux server admin, that PHP is tolerable on a Unix machine _provided_ it isn't ever exposed to public networks, because the ongoing security nightmare is otherwise not justifiable. I mean, yes if management is paying you to do it and the money's good, but if you're the boss, say 'Hell no.' So, e.g., every Web page on my linuxmafia.com server that used to be dymanically assembled by the PHP interpreter at Apache page-load time are (more recently) instead built on-disk in advance using automake or a cron script. Fortunately, none of those pages needed to _actually_ be dynamic; it was just coder laziness that chose that implementation. For example, the coder who helped me convert BALE (http://linuxmafia.com/bale/) from its original mid-1990s static HTML incarnation to PHP + MySQL set it up so every page load assembles the page anew, from several PHP fragments plus the results of a MySQL query (furnishing the events rows). When I realised the underlying reality of this being static data changing only once on the 1st of each month, I converted it into a static HTML page generated by a cron job in /etc/cron.monthly/ , and then Apache serves up just that static file. Whole huge categories of security threat have completely away for good, when I ditched runtime PHP. If I had any Web applications that actually relied on the PHP interpreter at load time, I'd try really hard to ditch them. It really is IMO that bad. And I say that because, so to speak, Ranum is my guru: http://www.ranum.com/security/computer_security/editorials/master-tzu/ That having been said: Dr. Ozeran, I know of nothing against the Webtatic repo's PHP packages. It seems like a competent external repo for CentOS/RHEL, though I have no relevant experience. Hope that helps! _______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
