Any hidden dangers with PHP Tokenizer support

[Mitthrawnuruodo]

I'm trying to install CMSMS on a webhotel/shared server, of sorts, for an associate of mine.

To make a long-ish story (very) short, the server admin refuses to enable support for PHP Tokenizer since we're "on a shared server, with multiple users using the same PHP".

My initial response: Wait, what?

Servers aren't really my strong suit, but does any know any valid excuses for not enabling this? As far as I know Tokenizer support has never been disabled on any servers I've worked with/against, and - as far as I know - it's been enabled as default for a while now...

 

[angelwatt]

I'll just take a guess. With being on a shared server with multiple users, they're worried about using the tokenizer on the other user's code files, which could potentially allow someone to steal code or finding compromising code (user names and passwords) from other users. Properly setup permissions should take of this though. I think it could also allow cross-site scripting (XSS) attacks to be used potentially.