Joomla! Discussion Forums

joomla: 1.0.12
env: shared hosting
server api: cgi (phpsuexec)
php: either 4.2.2 or 5.2.0

i have been running php4 w/ some changes in my php.ini. i'm now running php5, but my host hasn't yet enabled changes via php.ini, so i'm stuck with their global values. register_globals is off, but here are the parts of my old php.ini which are no longer in effect:



i'm wondering:
1. what benefits running with php5 gives me?
2. if those benefits are being negated by others on the shared server still using php4?
3. how much i'm hurt by not having those things in my php.ini set the way i had them?
4. if there's anything else i'm not considering

php forum would probably give better answer.

al

PHP5 has a much nicer OOP implementation, and a few useful extensions. However, Joomla doesn't need them, so unless you're coding non-Joomla PHP stuff, there isn't much advantage to you running PHP5 over PHP4.
Depending on the privileges set for the shared server files, it could well be that other users could cause security problems with poorly written scripts, but that applies whether they use PHP4 or PHP5 - there are a few changed defaults in 5, but given enough lack of effort, it's still possible to really mess up files with it!
Your own site is probably marginally less secure than it was with those php.ini settings, but again, if other users on the server haven't got the same settings, and if you've got any world writable folders/group writable folders with a shared group then it won't help. The weakest point in any server is the user with the lowest level of security.

Of course, none of the sharing problems matter as much if the server is shared using a VPS solution, where each user's area is effectively a virtual machine, since the user/group levels shouldn't be shared among the actual users.

I'd stick with PHP5 for the moment, but be aware that it won't be increasing security merely by being used. Might well increase performance though, so it's not a completely worthless upgrade!

definitely don't have any group or world write privileges anywhere in public_html. in fact, i run daily find commands to look for that, and another script to look for common hack strings.

i'm on a shared server, non-VPS, and i do believe the host has a good handle on configuration. the account is solely for joomla, not doing any php programming on it. i'm the only backend user, with a strong password.

it may be my imagination, but the site does seem a bit quicker on php5. i'm keeping an even closer eye out for anything out of the ordinary, and i can revert back to php4 w/o much hassle.

thanks for the response.

fwiw, i went back to php4.