Hi Will, Thanks for taking the time to respond. What bothered me about your policy is that it accuses mod_perl of these things, and yet you offer PHP as an apache module. PHP has plenty of security issues when you don't run it as CGI, and you can certainly crash the server with it.
> I'll see if we can update the kbase entry to be a little more specific > and not to sound so much like we're blaming mod_perl itself (not our > intent). Thank you, that would be much appreciated. I think that offering it on dedicated hosts (or virtual machines) is the best approach, and I'm glad see that you fully support that. - Perrin -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
