From: Yves Thommes <doc@foobar.lu>
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] PHP4
Date: Wed, 23 Jan 2008 00:02:39 +0100 [thread overview]
Message-ID: <4796760F.6030506@foobar.lu> (raw)
In-Reply-To: <47965D8D.6000907@gentoo.org>
ehm, maybe my english is not perfect but that's *exactly* what i meant
as well. i would tell customer x that if the site of customer y on the
same server would be compromised, the site of customer x would be
compromised as well. ;)
after most of the comments i've read so far i would say that bottom line
is: we give our customers a deadline until when they will have to
migrate to php5 and basta, like my italian co-worker would say. ;)
but actually this situation is more complicated than it seems. and there
is even another crazy solution to this whole fiasco. as i said in our
case there are only about a dozen websites which don't run at all on
php5, so i could create a vmware machine for each customer, so if their
site would be compromised, it wouldn't affect the others. but i mean,
that's overkill.
tomorrow morning i'll suggest both solutions to our customers, either
they try to migrate to php5 asap or they'll be hosted on a small
isolated php4 box along with other php4 sites (the risks will be made
perfectly clear to each and every customer being hosted on this server
and they would of course have to agree to these terms, in writing) which
might get them to reconsider migrating to php5. Or as a last resort the
vmware solution which would be the most expensive one, and i guess this
might also help them to reconsider migration to php5.
Andrew Gaffney wrote:
> Lindsay Haisley wrote:
>> On Tue, 2008-01-22 at 21:22 +0100, Yves Thommes wrote:
>>> if one of the sites on the server is compromised we can't gurantee
>>> the integrity of their data/website.
>>
>> It's far worse than this. If one of the sites on the server is
>> compromised then you can't guarantee the integrity of _any_ data/website
>> on that server.
>>
>> In the former case, it would be _their_ business decision, but this
>> really makes it yours.
>
> I was waiting for somebody to point this out. You continuing to run
> PHP4 on any of your servers makes *you* liable for damage to other
> customers' sites. Explain *that* to your management. That possibility
> should alone outweigh the cost of losing a few customers who don't
> want to migrate their stuff to PHP5.
>
--
gentoo-server@lists.gentoo.org mailing list
next prev parent reply other threads:[~2008-01-22 23:02 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-18 16:10 [gentoo-server] PHP4 A. Khattri
2008-01-18 16:12 ` Petteri Räty
2008-01-18 16:48 ` Jil Larner
2008-01-18 17:29 ` Lindsay Haisley
2008-01-22 16:13 ` Yves Thommes
2008-01-22 16:19 ` Andrew Gaffney
2008-01-22 18:12 ` Lindsay Haisley
2008-01-22 18:38 ` Yves Thommes
2008-01-22 18:53 ` Georges Toth
2008-01-22 18:55 ` Georges Toth
2008-01-22 19:13 ` Lindsay Haisley
2008-01-22 19:18 ` RijilV
2008-01-22 19:30 ` Lindsay Haisley
2008-01-22 19:42 ` Georges Toth
2008-01-22 20:22 ` Yves Thommes
2008-01-22 20:27 ` Andrew Gaffney
2008-01-22 20:37 ` Yves Thommes
2008-01-22 20:47 ` Qian Qiao
2008-01-22 21:12 ` Lindsay Haisley
2008-01-22 21:18 ` Andrew Gaffney
2008-01-22 23:02 ` Yves Thommes [this message]
2008-01-22 23:11 ` Qian Qiao
2008-01-22 23:15 ` RijilV
2008-01-22 23:41 ` Chashab
2008-01-23 8:37 ` Dumitru Moldovan
2008-01-23 0:39 ` Georges Toth
2008-01-22 21:42 ` pkoelle
2008-01-22 21:58 ` RijilV
2008-01-22 19:35 ` Georges Toth
2008-01-22 19:43 ` Greg Bowser
2008-01-22 19:46 ` Georges Toth
2008-01-22 19:48 ` Andrew Gaffney
2008-01-22 19:59 ` Greg Bowser
2008-01-22 19:54 ` Thilo Bangert
2008-01-22 19:56 ` Georges Toth
2008-01-22 19:10 ` Lindsay Haisley
2008-01-22 19:58 ` Thilo Bangert
2008-01-22 23:45 ` Yves Thommes
2008-01-23 0:00 ` Qian Qiao
2008-01-23 0:07 ` Lindsay Haisley
2008-01-22 18:16 ` Yves Thommes
2008-01-22 20:13 ` Petteri Räty
2008-01-22 20:31 ` Yves Thommes
2008-01-22 20:38 ` Qian Qiao
2008-01-22 20:46 ` Andrew Gaffney
2008-01-22 21:19 ` Lindsay Haisley
2008-01-22 21:20 ` Andrew Gaffney
2008-01-22 21:23 ` Lindsay Haisley
2008-01-22 21:35 ` Oliver Schad
2008-01-22 16:36 ` RijilV
2008-01-22 19:39 ` Matthias Bethke
2008-01-23 15:02 ` Matthew Summers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4796760F.6030506@foobar.lu \
--to=doc@foobar.lu \
--cc=gentoo-server@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox