> :-( The downside would be, IMHO, that I would need to pro-actively check
> everything that is going on concerning PHP, in order to prevent any major
> problems. (One and a half months ago, some clients on another installation
> who hadn't maintained phpBB also caused me the necessary problems.) Also,
> when clients are non-commercial, a good programmer is out of the question
> (which applies to this case too). I wonder how mass hosting companies get
> around these issues?

To add to this -- I suspect some good hosts actively check the directories of their clients, and search for known security flawed software, such as specific versions of phpBB and formmail.pl and so on.

When you find a client running known security flawed software, you deal with them, quickly and politely, but with clear-cut, no-nonsense requirements: Upgrade it now or lose the account.

Who owns the box? You, or your friend?

Non-profits can always find a free programmer or a donor to hire the programmer or... There are even organizations that exist solely to provide services like this to non-profits. One small one I know of, run by guys in Chicago, is here: http://npotechs.org/ I'm sure that there are others.

Perhaps you could donate some training to the non-profit, to get their programmer up to speed, even.

Your other option is to not allow PHP, nor Perl, nor any kind of CGI, nor...

--
Like Music?
http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
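The directory check suggested in the reply above, sketched as an added example that is not part of the original message: it walks each client account under a hosting root and reports installs whose version banner is on a deny-list. The file names, banner patterns, version numbers and client names are constructed placeholders, not data from real advisories.

```python
import os
import re
import tempfile

# Constructed deny-list: file names, banner patterns and versions are placeholders.
RULES = [
    ("formmail", "formmail.pl", re.compile(rb"Version\s+([\d.]+)"), {"0.0.1"}),
    ("phpBB", "constants.php", re.compile(rb"PHPBB_VERSION\D+([\d.]+)"), {"0.0.2"}),
]
MAX_READ = 64 * 1024  # read only the head of each file, never the whole thing


def scan_hosting_root(root):
    """Return (client, software, version) tuples, one client per top-level dir."""
    findings = []
    for client in sorted(os.listdir(root)):
        client_dir = os.path.join(root, client)
        if os.path.islink(client_dir) or not os.path.isdir(client_dir):
            continue
        # followlinks=False keeps the walk inside the client's own tree
        for dirpath, _dirs, files in os.walk(client_dir, followlinks=False):
            for name in files:
                path = os.path.join(dirpath, name)
                for software, fname, banner, flagged in RULES:
                    if name.lower() != fname or os.path.islink(path):
                        continue
                    try:
                        with open(path, "rb") as fh:
                            match = banner.search(fh.read(MAX_READ))
                    except OSError:
                        continue  # unreadable file: skip it, keep scanning
                    if match and match.group(1).decode() in flagged:
                        findings.append((client, software, match.group(1).decode()))
    return findings


def build_sample_tree():
    """Create a constructed hosting root with three client accounts."""
    root = tempfile.mkdtemp()
    samples = {
        "alice/cgi-bin/FormMail.pl": b"#!/usr/bin/perl\n# FormMail Version 0.0.1\n",
        "bob/forum/includes/constants.php": b"<?php define('PHPBB_VERSION', '0.0.2');\n",
        "carol/cgi-bin/formmail.pl": b"#!/usr/bin/perl\n# FormMail Version 9.9.9\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
    return root
```

Run from cron, the returned list is the set of accounts to contact with the upgrade requirement; an empty list means nothing on the deny-list was found.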