noob - hosting: pre-sales Qs re PHP "security" issues

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I really don't know what I'm talking about here, which I'm sure will
become obvious. I'm just starting to learn PHP, but probably will be
using 90% pre-coded applications - CMS, forums, mailing management. I'm
looking for a good hosting company; I've got my list down to a dozen or
so good ones with excellent reputations for reliability and support.

I want to identify which hosts will give me the most flexibility and
cause fewest problems in my checking these out. So I'm trying to put a
list of standardised pre-sales questions to send to the hosting services
support staff, and to create a comparison matrix.

The problem is I don't understand the issues well enough to write the
questions correctly, and in fact am not sure what options are best for
me. Obviously as a user I don't want to find there are popular/important
scripts out there I can't use with my account. But on the other hand I
don't want to run on a host that's open to all kinds of security
vulnerabilities either!

What I'm primarily looking for is **feedback on the questions
themselves**. Many are basic and self-explanatory, but perhaps for some:
a) the question could be refined for clarity or completeness b) everyone
would answer the same, or no hoster would want to answer so I might as
well not ask or c) there might be an important related question that I
should be asking but have missed.

I don't need general comments like "these are a lot of questions, try
not to annoy the staff at the hosting company, make sure to do your
research first", etc. However, I'd REALLY appreciate it if you could
help me cut this section down to a more managable set that would elicit
the key information I need to help me make a decision.

Here we go:


Is PHP installed as an Apache module? If not, do you use phpsuexec or

Is PHP safe mode disabled?

What disable_functions are set? (e.g. shell, exec, passthru)

For the following, please give your server default, and answer: "Can
this be changed on a per-site or per-account basis, and if so, how?"
(e.g. per-site via .htaccess or per-account via helpdesk)

Do you provide full PEAR support, including HTTP_Request, Auth_SASL

PECL support - memcache, fileinfo


Are the following PHP modules included - imap, imap-ss, openss, gettext,
with-dom, xml, ldap, mcrypt, iconv, gd, jpeg-dir, mime-magic, ftp

Can you give me a link to a phpinfo() page? Is this configuration
standard across all your servers?

Site Timeline