> > :-( The downside would be, IMHO, that I would need to pro-actively > > check everything that is going on concerning PHP, in order > to prevent > > any major problems. (one and a halve month ago, some clients on an > > other installation who hadn't mainted phpBB also caused me the > > necessary problems). Also, when clients are non-commercial, a good > > programmer is out of the question (which applies to this > case too). I > > wonder how mass hosting companies get arround these issue's? > > To add to this -- I suspect some good hosts actively check > the directories of their clients, and search for known > security flawed software, such as specific versions of phpBB > and formmail.pl and so on. I could write a PERL-script for that :-) For wide-used scripts (such as PHPBB) automation would be a doable and good sollution, but for custom scripts, it will be quite a challenge. > When you find a client running known security flawed > software, you deal with them, quickly and politely, but with > clear cut no nonsense > requirements: > > Upgrade it now or lose the account. That would be the right thing indeed. Though I do find that many times, people either have severe technical difficulty upgrading (usually installing was already quite a tough cookie for them, being used to the more point and click of Windows). Or perhaps just to the fear of it. It always comes down to a lack of knowledge and understanding from the user. Educating users in this regard is not easy. > Non-profits can always find a free programmer or a donor to > hire the programmer or... > > There are even organizations that exist solely to provide > services like this to non-profits. One small one I know of > run by guys in Chicago is > here: > http://npotechs.org/ > > I'm sure that there are others. Thanks! That looks like a very nice addition to my to-do and to-look-at bookmark list :-) Kind Regards, Sander Holthaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
