In principle, you are right.
However, I refer to this howto: http://www.howtoforge.com/intrusion-...ns-with-phpids
where a PHP file containing the checks is "prepended" like this:
auto_prepend_file = /var/www/web1/web/phpids.php
...to any php file to be executed (as I understand it) within the context of the vhost.
Wouldnt it be a great thing to "force" clients that their input is filtered via PHPIDS in that way?
According to the Howto, I would maybe able to install PHPIDS for every client / vhost. It would save a lot of effort and could avoid clients tinkering with it when done somewhere elso on a global level.
Piwik has issues with PHPIDS, so when having a pure Piwik install one could turn PHPIDS off...
Thats all I want to ask for...