Security and php versions

  • Security and php versions

    I have just recently been asked to take over the systems administration of a site running vbulletin 3.0.3. First thing I did was apply the most recent security patches. Next, I started looking at the server setup itself. I noticed that the site is running php 4.3.8. Now, with the known security issues with this version, something needs to be done about that ASAP. However, we are already having intermittent problems with site performance (I suspect this is related to the MySQL configuration; I'll deal with that after I have secured the server), so given the documented problems with unserialize() I am reluctant to upgrade to 4.3.10.

    Now, I normally do not favor running dev releases of software on a production server, but in this case I think it may be warranted. Before I do that, I'd like to get a feel for what experiences others have had with running the dev releases of php. Has anyone here experienced problems after installing a recent CVS version of php? What issues did you encounter?

    Thanks!

  • #2
    My personal experience is that I am running 4.3.10 and have noticed no issues related to speed or anything else. It works as well as previous versions. How large are your forums? I have 92k posts and get about 80-120 new posts a day.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.




    • #3
      Originally posted by Steve Machol
      My personal experience is that I am running 4.3.10 and have noticed no issues related to speed or anything else. It works as well as previous versions. How large are your forums? I have 92k posts and get about 80-120 new posts a day.
      We currently have over 112k threads with over 2.25 million posts. I'm not sure about how many posts per day, but I am confident it is well over that figure.



      • #4
        Someone with a larger forum and 4.3.10 will have to comment then. But frankly if I had to make the choice, I'd choose security over speed any day.
        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)


        • #5
          I agree. I'm just trying to decide which to recommend: a CVS snapshot, or 4.3.10. Continuing to run with 4.3.8 is not, imo, an option.



          • #6
            See if hardened php has applied the security patch to 4.3.9, just as an outside the box thought.



            • #7
              Thanks, Zachery, I'll take a look at that. However, as far as I can tell, it was the security patch that introduced the bug to unserialize(), so unless they have also updated 4.3.9 patches to include that fix as well, it would be no different from going to 4.3.10.

              Steve, I did a bit of research, and we are averaging over 2k new posts per day.



              • #8
                With the release today of 4.3.11, this whole question became moot. Thanks for your responses.
