04-12-2008, 16:27
DPS Computing
Moderator
 
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 7,501

Quote:
Originally Posted by vladimir
mod_security and suhosin are standard features? Are you serious? Since when? And how come neither shows up in phpinfo() on any other hosting service that I have access to?

How is being able to simultaneously upload more than 25 files extremely poor software development? How many should be the maximum and why exactly that number? It's a photo gallery! And what is the risk in generating an error so I know what the problem is instead of wasting hours of my time?

And what is so incredible about allowing URLs to be sent via POST by default? No, I had to spend hours to figure out it's just mod_security restrictions.


Look, I don't mind the security and I was willing to forget hours of wasted time but what you're saying is I'm a newbie idiot because I don't know the default limitations of every esoteric webserver extension that's out there. Are you serious?! GD is standard, PCRE is standard, suhosin and mod_security are not.

I am. If you give me the names of these web hosts I will be happy to investigate this issue with them and report back to you. I believe that there will be some kind of security software equivalent to mod_sec if not mod_sec itself.

I'm not saying that specific thing is necessarily a security risk - I also cannot comment on every single restriction that mod_sec or suhosin has.

Well it is tough sometimes, I can understand that you find this frustrating. If you prefer I'm sure eUKhost will migrate you to their non-secure server where you will not run into such problems.

And I was in no way implying or saying that you were an idiot - all any of us ever try to do is merely explain things.

With respected publishers and experts such as O'Reilly - Introducing mod_security | O'Reilly Media - recommending its use and stating that it is essential to have security, whether it be mod_security or an equivalent, I would count it as essential.

My intentions are not to offend you, we are all trying to help.
__________________
David Smith
DPS Computing
http://www.dpscomputing.com (Computing, Reviews, News) - We're still plodding on adding new content and features (August 2011)
http://www.djdavid.co.uk - Massive update! (September 2011) - It's now not neglected!!
http://davidsmith.dpscomputing.com (My Personal Website) - New Site (10/2009)