Jump to content

PHP - Apache or CGI


ProblemHelpPlease

Recommended Posts

Does anyone have any recommendations as to whether PHP is better installed as CGI or Apache. My concerns are mainly over security of the server and assoicated websites, the speed of PHP, and compatability when moving a site from a server previously using a suPHP CGI installation. I have read several security risks with PHP as apache but don't really know enough on the subject to make a final decision on which to go for.

Link to comment
Share on other sites

When PHP runs as an Apache module, it runs as the user Apache is running on. In other words, you have full control over anything the whole web server might have control over.When you're on a dedicated host (or a virtual dedicated host), this is a better approach, not only because PHP runs more efficiently on it, but because you'll have less hassles configuring your permissions properly, and because fine grained configuration is much more easily achievable should you need it.When you're on a shared host however, this is a cause for alarm, because if YOU can access everything on the server, it means the reverse is also true - everyone can access all of your stuff.Using mod_cgi (a.k.a. "normal CGI") is basically the same thing as the Apache module, without the efficiency and configuration benefits.Using mod_suexec is like CGI, but you can set the CGI script (i.e. PHP) to run as another user and do so in a fine grained way. While this doesn't give you the benefits of using PHP as an Apache module, that's the better solution for shared hosts, because it lets you be in full control, set permissions easily, and still not give everyone on the server access to your stuff.Using mod_fcgid is like the Apache module, minus the fine grained configuration. I think you can also run the FCGI program as another user, but I'm not exactly sure (documentation is sparse and I haven't bothered playing around with it).As for portability... if you aren't setting any php.ini directives in configuration files (and only limit yourself to ini_set() ones), you're OK. Potential problems arise if your application requires additional settings.So in summary - if you're on a dedicated host, use PHP as an Apache module. If you're on a shared server - mod_fcgid (if the host has set up permissions properly; assuming mod_fcgid allows it) or mod_suexec (again assuming permissions are set properly).

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...