On or about Tue, Oct 29, 2002 at 03:35:22PM +0000, Paul Makepeace typed: >I'd read this as FUD, frankly, until you can show PHP has suffered >vulnerabilities so severe as to require shutting down service "every >few weeks".
I'm a professional. I test posted exploits against (and from!) isolated, sacrificial systems before I pay much attention to them. I have found, particularly in the last six months, that PHP has a higher rate of usable exploits (which, to me, means "external users are able to use the box in a way I disapprove of" - shell functions, open relay, etc.) than any other service I'd contemplate running. So now I don't have it on my servers, and I advise other people that it's going to be a significant administrative burden. Roger