I did a google search on php_flag register_globals and joomla was in the 8th position. I tried Joomla for the first time several weeks ago. I really like what I see and hope to spend more time looking at it. At a very minimum extracts can expedite my efforts and possibly something as simple as a template change may get me where I want to go. It's a smooth application that would take a bunch of work to duplicate. Hearing the security problems are not directly related to Joomla is great news. I also think that the source code should be at a minimum adequate due to peer review. Thoughts? Keith Edward Norton wrote: On 1/1/07, keith smith wrote: Thanks, I'll check that out. I just read in a forum that if you put a php.ini in the home directory (I assume DocumentRoot) that PHP reads that one first. Seems like a security risk to do so. See http://www.go4expert.com/forums/showthread.php?t=397 could that be so? Thanks, Keith It seems possible to do so, however I've never tried it myself. I'd have to agree with you on the security risk. It doesn't sound like a good idea to have the php conf in your documentroot. --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss Keith Smith A link from my website to yours Submit Your Metro Phoenix Website __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com