[geeklog-devel] PHP in Static Pages

Dirk Haun dirk at haun-online.de
Wed Jan 14 02:00:04 EST 2004

Tony wrote:

>Maybe, I'm not dinging the thing...I'm just bringing back to light 
>issues we should consider.

np, I was just playing the Devil's Advocate.

>Again, the secure way to handle this is to 
>not have PHP in static pages to begin with but given we now endorse this 
>possiblity we should consider ways to harden especially considering that 
>we are becoming more and more popular with blackhats.

Yep. An option to switch off PHP from the config file would be a start.

bye, Dirk


More information about the geeklog-devel mailing list