ProblemHelpPlease Posted February 15, 2011

Does anyone have any recommendations as to whether PHP is better installed as CGI or Apache? My concerns are mainly over security of the server and associated websites, the speed of PHP, and compatibility when moving a site from a server previously using a suPHP CGI installation. I have read several security risks with PHP as Apache but don't really know enough on the subject to make a final decision on which to go for.
boen_robot Posted February 15, 2011

When PHP runs as an Apache module, it runs as the user Apache is running as. In other words, you have full control over anything the whole web server might have control over.

When you're on a dedicated host (or a virtual dedicated host), this is a better approach, not only because PHP runs more efficiently on it, but because you'll have fewer hassles configuring your permissions properly, and because fine-grained configuration is much more easily achievable should you need it.

When you're on a shared host, however, this is a cause for alarm, because if YOU can access everything on the server, it means the reverse is also true - everyone can access all of your stuff.

Using mod_cgi (a.k.a. "normal CGI") is basically the same thing as the Apache module, without the efficiency and configuration benefits.

Using mod_suexec is like CGI, but you can set the CGI script (i.e. PHP) to run as another user and do so in a fine-grained way. While this doesn't give you the benefits of using PHP as an Apache module, that's the better solution for shared hosts, because it lets you be in full control, set permissions easily, and still not give everyone on the server access to your stuff.

Using mod_fcgid is like the Apache module, minus the fine-grained configuration. I think you can also run the FCGI program as another user, but I'm not exactly sure (documentation is sparse and I haven't bothered playing around with it).

As for portability... if you aren't setting any php.ini directives in configuration files (and only limit yourself to ini_set() ones), you're OK. Potential problems arise if your application requires additional settings.

So in summary - if you're on a dedicated host, use PHP as an Apache module. If you're on a shared server - mod_fcgid (if the host has set up permissions properly; assuming mod_fcgid allows it) or mod_suexec (again assuming permissions are set properly).
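The shared-host concern in the answer above comes down to which files other accounts on the server can read or write. The following is an added example, not part of the original thread: a small audit of a document root's permission bits. The function names `count_exposed` and `audit_docroot` are hypothetical, and the script assumes a POSIX `find`.

```shell
#!/bin/sh
# Added example: audit a document root for permission bits that matter on a
# shared host. When PHP runs inside Apache, scripts must be readable by the
# shared web server user, commonly via the world-read bit. When PHP runs as
# the account owner (suexec-style), files can be owner-only, e.g. 0600.

# count_exposed DIR MASK
# Prints how many regular files under DIR have every bit of octal MASK set.
count_exposed() {
    find "$1" -type f -perm "-$2" 2>/dev/null | wc -l | tr -d ' '
}

# audit_docroot DIR
# Prints a short report. Returns 0 if no file is world-readable or
# world-writable, 1 otherwise.
audit_docroot() {
    dir=$1
    readable=$(count_exposed "$dir" 004)
    writable=$(count_exposed "$dir" 002)
    echo "audit run as user: $(id -un)"
    echo "world-readable files: $readable"
    echo "world-writable files: $writable"
    # World-writable files are the worst case: any local account can alter them.
    find "$dir" -type f -perm -002 -exec echo "WRITABLE-BY-ALL {}" \;
    # World-readable PHP sources often hold database credentials.
    find "$dir" -type f -name '*.php' -perm -004 -exec echo "READABLE-BY-ALL {}" \;
    [ "$readable" -eq 0 ] && [ "$writable" -eq 0 ]
}

# Run the audit only when a directory is passed on the command line.
if [ -n "${1:-}" ]; then
    audit_docroot "$1"
fi
```

A clean result is only reachable when PHP runs as the account owner; under the Apache module, tightening the bits this far would stop the web server from reading the scripts.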
ProblemHelpPlease Posted February 15, 2011 (Author)

That's pretty much what I thought was the case. It helps to have this confirmed, so thanks for the info on this.
This topic is now archived and is closed to further replies.