But of course, if your web server isn't a) configured to serve PHP content through a PHP interpreter, or b) configured to do a) on files called "*.php" in your webspace root, you will just get the code of the page.
In other words, you still need a webserver capable of serving PHP.
Whether you'd want to, of course, is a different story.
NB - this isn't an anti-PHP point, more of a "run a webserver on your home PC which is accessible by the world and you have a whole new set of security problems to think about" kind of point.
Possibly the worst thing for the Internet is for a bunch of people without a clue to run their own insecure webservers. If a hacker can buffer-overflow your server and exploit your machine to their own ends, it's an easy zombie to use for attacking other people.
> Whether you'd want to, of course, is a different story.
No offense taken at all -- it's a very valid point you're making. I've run a webserver off my PC in the past, and the logs were always full of script kiddiez and their (attempted) drive-by bombings.
I tend to forget / conveniently ignore that the ability to be on the 'net doesn't necessarily give you any understanding of the risks.
I think the fact that you're aware of a) logs and b) script kiddiez as concepts puts you lightyears ahead of the average Internet user. So far as I can tell, most think that the Internet lives in their telephone wall socket and is made of Magic Smoke.
At the very least, it'll be a webserver module that needs to be enabled, or an extra CGI mapping. My webserver doesn't run any PHP by default because I don't have any PHP code. It does have a bunch of mod_perl handlers but that's a different story.
The point is, you can't expect that ye standard free internet webspace will support anything other than straight flatfile serving, and I'm pretty sure that anything dynamic is a paid option on a lot of cheap hosting services. Which makes sense because parsing and processing a page of interpreted code takes a lot more CPU than just serving the text of a file to a user!
In other words, you still need a webserver capable of serving PHP.
Reply
Hell, you can even get PHP running on a Windows install of Apache and serve it up straight from your PC.
Reply
NB - this isn't an anti-PHP point, more of a "run a webserver on your home PC which is accessible by the world and you have a whole new set of security problems to think about" kind of point.
Possibly the worst thing for the Internet is for a bunch of people without a clue to run their own insecure webservers. If a hacker can buffer-overflow your server and exploit your machine to their own ends, it's an easy zombie to use for attacking other people.
Reply
No offense taken at all -- it's a very valid point you're making. I've run a webserver off my PC in the past, and the logs were always full of script kiddiez and their (attempted) drive-by bombings.
I tend to forget / conveniently ignore that the ability to be on the 'net doesn't necessarily give you any understanding of the risks.
Reply
Reply
Reply
Then I guess they have to do the complicated RSS stuff I don't understand.
Reply
The point is, you can't expect that ye standard free internet webspace will support anything other than straight flatfile serving, and I'm pretty sure that anything dynamic is a paid option on a lot of cheap hosting services. Which makes sense because parsing and processing a page of interpreted code takes a lot more CPU than just serving the text of a file to a user!
Reply
Reply
Leave a comment