[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Theo Zourzouvillys wrote: > On Wednesday 19 July 2006 20:02, James Fidell wrote: >> It's a shame it isn't possible to load both the php4 and php5 >> modules into the same web browser at the same time (at least, if >> it is, I've found no workable way to do it). It would make migration >> so much easier. > > you can using mod_proxy and proxying any .php4 files to a separate server, or > vice versa - you can even do on a per customer/domain basis. > > of course you need to add a few hacks like X-Originating-IP to ensure that > source IP remains the same within the backend scripts, but not too much of a > problem. Agreed, but it's still not a wonderful solution. > imo it's bad design on PHP's part to break the language and not naturally > include backwards compatibility. Indeed. But this is PHP :) > of course, if you're doing shared hosting where there are a lot of (untrusted) > users, i really hope they are not running mod_php. if they are, they need > hitting with my security stick, which is actually getting rather dented > recently. Ahh, well, on the systems I look after that do shared hosting and mod_php I have also modified Apache somewhat so that all scripts, whether PHP, perl or whatever, run as the site-owner, even where they are executed within Apache itself (as with mod_php), or using fastcgi or suexec, along with a few other "modifications". The machines do still get broken into (allowing anyone to upload any code they like to a server that supports php is pretty much begging for this, really), but it doesn't create such a mess when it happens. There's more I could do even now, but the pain of handholding thousands of users through the necessary changes hasn't yet been deemed necessary. James -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html