[development] php4

Jamie Holly hovercrafter at earthlink.net
Mon Jun 14 19:33:13 UTC 2010

And therein lies the big reason. As a professional developer, if a 
client insists on running a server with PHP4 then they are presented 
with a disclaimer in the contract stating that the security of their 
site/application can not be guaranteed do to the insecurity and lack of 
support for PHP4. I started doing that right after the PHP4 EOL and have 
only used it once since then. I have had a couple of other clients that 
were on PHP4. One was on a self managed host and it was much cheaper for 
them to let me update their server to PHP5 and the other changed hosting 
providers. Actually from talking to that client, I think they were 
looking for a reason to switch hosting companies and I gave it to them.

Jamie Holly

On 6/14/2010 2:24 PM, Alex Bronstein wrote:
> Official position from php.net: http://www.php.net/releases/4_4_9.php,
> http://www.php.net/ChangeLog-4.php#4.4.9.
> In other words, any security vulnerabilities discovered in PHP4 in the
> last 22 months have not been fixed and will not be fixed. As others have
> said, a web hosting company that considers this to be acceptable is
> untrustworthy to do business with.

More information about the development mailing list