Correct me if I'm wrong, but isn't running PHP via mod_php faster than
running it via CGI? If so, why would a web hosting company be running
PHP via CGI and not mod_php?
I asked that very question to one web hosting company and given the
following response:
"We run our php based on what is secure, not what could be a few
seconds faster"
Is PHP via CGI more secure than PHP via mod_php? 7 3623
Greetings, yawnmoth.
In reply to Your message dated Wednesday, July 2, 2008, 19:13:32,
Correct me if I'm wrong, but isn't running PHP via mod_php faster than
running it via CGI? If so, why would a web hosting company be running
PHP via CGI and not mod_php?
I asked that very question to one web hosting company and given the
following response:
"We run our php based on what is secure, not what could be a few
seconds faster"
Is PHP via CGI more secure than PHP via mod_php?
It is easier to impersonate spawned CGI process, than mod_php working thread.
"Easier", not "only possible way".
I suppose, your provider using CPanel too?
My hosting company using mod_php and it impersonated to myself while running
my scripts. So I do not have access to the other users' data in it.
And I do have all advantages of using .htaccess directives to control PHP
workflow.
--
Sincerely Yours, AnrDaemon <an*******@free mail.ru>
yawnmoth wrote:
Correct me if I'm wrong, but isn't running PHP via mod_php faster than
running it via CGI? If so, why would a web hosting company be running
PHP via CGI and not mod_php?
I asked that very question to one web hosting company and given the
following response:
"We run our php based on what is secure, not what could be a few
seconds faster"
Is PHP via CGI more secure than PHP via mod_php?
When using fastcgi, the CGI version is almost as fast as the mod version.
While, it is easier to set up security using the cgi version, it's also
possible to do it with the mod version. You just have to know what
you're doing.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== ===
On Jul 2, 1:36*pm, Jerry Stuckle <jstuck...@attg lobal.netwrote:
yawnmoth wrote:
Correct me if I'm wrong, but isn't running PHP via mod_php faster than
running it via CGI? *If so, why would a web hosting company be running
PHP via CGI and not mod_php?
I asked that very question to one web hosting company and given the
following response:
"We run our php based on what is secure, not what could be a few
seconds faster"
Is PHP via CGI more secure than PHP via mod_php?
When using fastcgi, the CGI version is almost as fast as the mod version.
While, it is easier to set up security using the cgi version, it's also
possible to do it with the mod version. *You just have to know what
you're doing.
What sort of security settings might they be using? I imagine
allow_url_fopen would be disabled as would register_global s, but that
can be done just as easily for mod_php and CGI. Just modify .htaccess
or apache.conf in the case of the former or php.ini in the case of the
latter.
phpsuexec might be easier to use with one over the other, though.
Are phpsuexec and a few PHP directives the only things they'd likely
be concerned with?
yawnmoth wrote:
On Jul 2, 1:36 pm, Jerry Stuckle <jstuck...@attg lobal.netwrote:
>yawnmoth wrote:
>>Correct me if I'm wrong, but isn't running PHP via mod_php faster than running it via CGI? If so, why would a web hosting company be running PHP via CGI and not mod_php? I asked that very question to one web hosting company and given the following response: "We run our php based on what is secure, not what could be a few seconds faster" Is PHP via CGI more secure than PHP via mod_php?
When using fastcgi, the CGI version is almost as fast as the mod version.
While, it is easier to set up security using the cgi version, it's also possible to do it with the mod version. You just have to know what you're doing.
What sort of security settings might they be using? I imagine
allow_url_fopen would be disabled as would register_global s, but that
can be done just as easily for mod_php and CGI. Just modify .htaccess
or apache.conf in the case of the former or php.ini in the case of the
latter.
phpsuexec might be easier to use with one over the other, though.
Are phpsuexec and a few PHP directives the only things they'd likely
be concerned with?
Those aren't really security settings. Things like open_base_dir limits
what directories you can access. Also, you can change users when using
the CGI, allowing the system security to come into play. With the
module, you're always running under the webserver's userid.
As I said - can be done with the module version - but the CGI gives more
control and can make things easier to manage.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== ===
On Jul 2, 2:27*pm, Jerry Stuckle <jstuck...@attg lobal.netwrote:
yawnmoth wrote:
On Jul 2, 1:36 pm, Jerry Stuckle <jstuck...@attg lobal.netwrote:
yawnmoth wrote: Correct me if I'm wrong, but isn't running PHP via mod_php faster than running it via CGI? *If so, why would a web hosting company be running PHP via CGI and not mod_php? I asked that very question to one web hosting company and given the following response: "We run our php based on what is secure, not what could be a few seconds faster" Is PHP via CGI more secure than PHP via mod_php?
When using fastcgi, the CGI version is almost as fast as the mod version.
While, it is easier to set up security using the cgi version, it's also
possible to do it with the mod version. *You just have to know what
you're doing.
What sort of security settings might they be using? *I imagine
allow_url_fopen would be disabled as would register_global s, but that
can be done just as easily for mod_php and CGI. *Just modify .htaccess
or apache.conf in the case of the former or php.ini in the case of the
latter.
phpsuexec might be easier to use with one over the other, though.
Are phpsuexec and a few PHP directives the only things they'd likely
be concerned with?
Those aren't really security settings. *Things like open_base_dir limits
what directories you can access. *Also, you can change users when using
the CGI, allowing the system security to come into play. *With the
module, you're always running under the webserver's userid.
As I said - can be done with the module version - but the CGI gives more
control and can make things easier to manage.
Ah - ok - thanks!
..oO(yawnmoth)
>What sort of security settings might they be using? I imagine allow_url_fope n would be disabled as would register_global s, but that can be done just as easily for mod_php and CGI. Just modify .htaccess or apache.conf in the case of the former or php.ini in the case of the latter.
The main point on a shared host is that your scripts are executed with
your own username and your privileges instead of the server's default.
Micha
On Jul 2, 8:13 am, yawnmoth <terra1...@yaho o.comwrote:
>
Correct me if I'm wrong, but isn't running PHP via mod_php
faster than running it via CGI?
It is.
If so, why would a web hosting company be running PHP via
CGI and not mod_php?
Because they are not running a CGI, but a FastCGI (same executable,
different server setup), which in some circumstances can be as fast or
even slightly faster than mod_php. Zeus developers, for example,
recommend FastCGI over mod_php for use with Zeus; people running PHP
on production IIS servers (yes, there are a few of those) often prefer
FastCGI to ISAPI module for better stability.
Is PHP via CGI more secure than PHP via mod_php?
In a shared hosting environment, yes, but we're talking a very
particular kind of security, namely, protecting users' content from
unauthorized access by other users of the same system. Basically,
when you run a FastCGI executable, you can enforce file/directory
ownership more easily, so that one user's scripts can't access another
user's files through the file system...
Cheers,
NC This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: zaphod |
last post by:
I've recently considered switching from mod_perl to mod_php because
mod_perl, unless configured with multiple servers/ports/IP addresses, serves
static HTML from mod_perl processes, which is grossly inefficient. Since I
do not think you should have to tamper so much with server configs to do web
development efficiently I'm considering mod_php instead. I need to know if
PHP handles this differently:
- Are static HTML requests handled...
|
by: yarmfelder |
last post by:
Hi all,
I noticed that with Slackware they don't include
mod_php in the latest distro. I also noticed some
talk on the web that there was an insecurity
issue with mod_php in a previous version of
Slackware.
So is this just a Slackware mishap or is there
a good reason to no longer permit PHP from
|
by: Shufen |
last post by:
Hi all,
Can someone who has use PHP before and know quite well about the
language, tell me what are the stuffs that Python offers and PHP
doesn't. A few examples will be nice. I know about the date format
problem which PHP is having but I need more examples. Thank you for
any help.
Shufen
|
by: emilper |
last post by:
Hi,
while using mod_php in apache:
If I am including one .inc file in one page, does it get compiled and
kept in memory so when I include the same file in another page on the
same server, the server won't have to search for it and recompile it ?
does mod_php provide other advantages besides preloading the php
interpretor/compiler in memory ?
|
by: howachen |
last post by:
hi,
which package you perfer?
mod_php on apache is okay but some people said fastcgi version of php
is faster, is it true?
thanks...
| |
by: Vincent Delporte |
last post by:
Hello
I'm interested in hearing reflections by seasoned web app
developpers about the different ways to write PHP apps, and especially
how they compare in terms of performance, whether it's the PHP part or
connections to MySQL.
As far as I know, there are different ways to write a PHP application:
- CGI, ie. the usual way : some PHP code in web pages, and the PHP
interpreter is loaded each time a PHP page is called
|
by: R.A.M. |
last post by:
Hello,
I am using Fedora 7 Moonshine Linux with Apache installed.
I have installed PHP5 using command: yum install php. Then I configured
httpd adding module mod_php.so to httpd.conf (and other necessary
operations). The problem is that when I am trying to start Apache using
command: httpd -k start, I receive error of missing mod_php.so. To solve
the problem, I downloaded mod_php.2.0.1.-9.s390.rpm and executed
command: rpm -i...
|
by: Evil Son |
last post by:
Hello group,
If I switched from mod_php to fast-cgi, would I need to make any
changes to my php source?
Also, will something like APC still be useful?
Will my database connections suddenly become persistent?
If I had static data in my script, will it persist when that same
|
by: setesting001 |
last post by:
How many of you are running Fast CGI instead of the popular mod_php?
I planning to change to fast cgi since my applications need around
15MB memory to handle a single request, so consider if Apache running
in multi-process mode, serving 300 clients, then it nearly used up all
my memory in my server.
Any experience can share how to handle large concurrent clients for
PHP?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |