>I'm pretty sure these things are not covering, for example, JNI modules.
>Extensions are basically JNI of PHP.
I'm not much of a Java fan, but I think the majority of Java applications do not use any JNI module, because of this risk and because in the majority of situations everything necessary can be coded, and is coded, in full Java. Only the core Java runtime is in C, plus some native modules like crypto (for SSL). All the major evolution APIs are coded in full Java; only the core language is developed in C.

On my Java shared hosts, there is no JNI. If an application needs JNI, they use a dedicated machine.

But effectively, on my PHP shared hosts I use hardening path + mod_chroot + mod_security as a reverse proxy in front (also used with the Java shared hosts) + one Apache instance with a uid per application.

But I think some good security ideas have been mentioned, for example using "prepared statements" to avoid SQL injection. I also think it is important to educate new PHP developers by adding more security guide documentation to the official manual.

Best regards,
Mathieu