On Wed, Dec 15, 2010 at 09:57, Paul S <paul.s@xxxxxxxxxxxx> wrote: > > Warning: phpinfo() has been disabled for security reasons in > /home/.../php/phpinfo.php on line 2 > > My ISP has disabled phpinfo and has not answered my tech requests on this > for over a month. > > They seem to never have a thing to do but play games with silly security > "issues". Well, phpinfo() does, by default, divulge some things that could be considered security concerns --- particularly in poorly-managed environments. Primarily, this is by giving a synopsis of versions and paths of software, but some versions and configurations will also broadcast information about the currently logged-in user (PTS/TTY) in the $_ENV display. Sure, you can display everything manually that phpinfo() does automatically, but it's easier for some to vilify something because they heard it was bad than to actually address the greater issues. > In a day some phone calls are going to be made. I need some help. > > What brief arguments should I be giving to get this changed? In cases like this, I'd agree with Al's response; there are plenty of other web hosts out there. (My own signature is not intended as a form of advertisement in this case, mind you.... it's simply the default. ;-P) -- </Daniel P. Brown> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php