Any hidden dangers with PHP Tokenizer support

Discussion in 'Web Design and Development' started by Mitthrawnuruodo, Aug 26, 2009.

  1. Mitthrawnuruodo Moderator emeritus

    Mitthrawnuruodo

    Joined:
    Mar 10, 2004
    Location:
    Bergen, Norway
    #1
    I'm trying to install CMSMS on a webhotel/shared server, of sorts, for an associate of mine.

    To make a long-ish story (very) short, the server admin refuses to enable support for PHP Tokenizer since we're "on a shared server, with multiple users using the same PHP".

    My initial response: Wait, what?

    Servers aren't really my strong suit, but does any know any valid excuses for not enabling this? As far as I know Tokenizer support has never been disabled on any servers I've worked with/against, and - as far as I know - it's been enabled as default for a while now...

    :confused:
     
  2. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #2
    I'll just take a guess. With being on a shared server with multiple users, they're worried about using the tokenizer on the other user's code files, which could potentially allow someone to steal code or finding compromising code (user names and passwords) from other users. Properly setup permissions should take of this though. I think it could also allow cross-site scripting (XSS) attacks to be used potentially.
     

Share This Page