Correct me if I'm wrong, but isn't running PHP via mod_php faster than
running it via CGI? If so, why would a web hosting company be running
PHP via CGI and not mod_php?
I asked that very question to one web hosting company and given the
following response:
"We run our php based on what is secure, not what could be a few
seconds faster"
Is PHP via CGI more secure than PHP via mod_php? 7 3602
Greetings, yawnmoth.
In reply to Your message dated Wednesday, July 2, 2008, 19:13:32,
Correct me if I'm wrong, but isn't running PHP via mod_php faster than
running it via CGI? If so, why would a web hosting company be running
PHP via CGI and not mod_php?
I asked that very question to one web hosting company and given the
following response:
"We run our php based on what is secure, not what could be a few
seconds faster"
Is PHP via CGI more secure than PHP via mod_php?
It is easier to impersonate spawned CGI process, than mod_php working thread.
"Easier", not "only possible way".
I suppose, your provider using CPanel too?
My hosting company using mod_php and it impersonated to myself while running
my scripts. So I do not have access to the other users' data in it.
And I do have all advantages of using .htaccess directives to control PHP
workflow.
--
Sincerely Yours, AnrDaemon <an*******@freemail.ru>
yawnmoth wrote:
Correct me if I'm wrong, but isn't running PHP via mod_php faster than
running it via CGI? If so, why would a web hosting company be running
PHP via CGI and not mod_php?
I asked that very question to one web hosting company and given the
following response:
"We run our php based on what is secure, not what could be a few
seconds faster"
Is PHP via CGI more secure than PHP via mod_php?
When using fastcgi, the CGI version is almost as fast as the mod version.
While, it is easier to set up security using the cgi version, it's also
possible to do it with the mod version. You just have to know what
you're doing.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
On Jul 2, 1:36*pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
yawnmoth wrote:
Correct me if I'm wrong, but isn't running PHP via mod_php faster than
running it via CGI? *If so, why would a web hosting company be running
PHP via CGI and not mod_php?
I asked that very question to one web hosting company and given the
following response:
"We run our php based on what is secure, not what could be a few
seconds faster"
Is PHP via CGI more secure than PHP via mod_php?
When using fastcgi, the CGI version is almost as fast as the mod version.
While, it is easier to set up security using the cgi version, it's also
possible to do it with the mod version. *You just have to know what
you're doing.
What sort of security settings might they be using? I imagine
allow_url_fopen would be disabled as would register_globals, but that
can be done just as easily for mod_php and CGI. Just modify .htaccess
or apache.conf in the case of the former or php.ini in the case of the
latter.
phpsuexec might be easier to use with one over the other, though.
Are phpsuexec and a few PHP directives the only things they'd likely
be concerned with?
yawnmoth wrote:
On Jul 2, 1:36 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>yawnmoth wrote:
>>Correct me if I'm wrong, but isn't running PHP via mod_php faster than running it via CGI? If so, why would a web hosting company be running PHP via CGI and not mod_php? I asked that very question to one web hosting company and given the following response: "We run our php based on what is secure, not what could be a few seconds faster" Is PHP via CGI more secure than PHP via mod_php?
When using fastcgi, the CGI version is almost as fast as the mod version.
While, it is easier to set up security using the cgi version, it's also possible to do it with the mod version. You just have to know what you're doing.
What sort of security settings might they be using? I imagine
allow_url_fopen would be disabled as would register_globals, but that
can be done just as easily for mod_php and CGI. Just modify .htaccess
or apache.conf in the case of the former or php.ini in the case of the
latter.
phpsuexec might be easier to use with one over the other, though.
Are phpsuexec and a few PHP directives the only things they'd likely
be concerned with?
Those aren't really security settings. Things like open_base_dir limits
what directories you can access. Also, you can change users when using
the CGI, allowing the system security to come into play. With the
module, you're always running under the webserver's userid.
As I said - can be done with the module version - but the CGI gives more
control and can make things easier to manage.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
On Jul 2, 2:27*pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
yawnmoth wrote:
On Jul 2, 1:36 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
yawnmoth wrote: Correct me if I'm wrong, but isn't running PHP via mod_php faster than running it via CGI? *If so, why would a web hosting company be running PHP via CGI and not mod_php? I asked that very question to one web hosting company and given the following response: "We run our php based on what is secure, not what could be a few seconds faster" Is PHP via CGI more secure than PHP via mod_php?
When using fastcgi, the CGI version is almost as fast as the mod version.
While, it is easier to set up security using the cgi version, it's also
possible to do it with the mod version. *You just have to know what
you're doing.
What sort of security settings might they be using? *I imagine
allow_url_fopen would be disabled as would register_globals, but that
can be done just as easily for mod_php and CGI. *Just modify .htaccess
or apache.conf in the case of the former or php.ini in the case of the
latter.
phpsuexec might be easier to use with one over the other, though.
Are phpsuexec and a few PHP directives the only things they'd likely
be concerned with?
Those aren't really security settings. *Things like open_base_dir limits
what directories you can access. *Also, you can change users when using
the CGI, allowing the system security to come into play. *With the
module, you're always running under the webserver's userid.
As I said - can be done with the module version - but the CGI gives more
control and can make things easier to manage.
Ah - ok - thanks!
..oO(yawnmoth)
>What sort of security settings might they be using? I imagine allow_url_fopen would be disabled as would register_globals, but that can be done just as easily for mod_php and CGI. Just modify .htaccess or apache.conf in the case of the former or php.ini in the case of the latter.
The main point on a shared host is that your scripts are executed with
your own username and your privileges instead of the server's default.
Micha
On Jul 2, 8:13 am, yawnmoth <terra1...@yahoo.comwrote:
>
Correct me if I'm wrong, but isn't running PHP via mod_php
faster than running it via CGI?
It is.
If so, why would a web hosting company be running PHP via
CGI and not mod_php?
Because they are not running a CGI, but a FastCGI (same executable,
different server setup), which in some circumstances can be as fast or
even slightly faster than mod_php. Zeus developers, for example,
recommend FastCGI over mod_php for use with Zeus; people running PHP
on production IIS servers (yes, there are a few of those) often prefer
FastCGI to ISAPI module for better stability.
Is PHP via CGI more secure than PHP via mod_php?
In a shared hosting environment, yes, but we're talking a very
particular kind of security, namely, protecting users' content from
unauthorized access by other users of the same system. Basically,
when you run a FastCGI executable, you can enforce file/directory
ownership more easily, so that one user's scripts can't access another
user's files through the file system...
Cheers,
NC This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: zaphod |
last post by:
I've recently considered switching from mod_perl to mod_php because
mod_perl, unless configured with multiple servers/ports/IP addresses, serves
static HTML from mod_perl processes, which is...
|
by: yarmfelder |
last post by:
Hi all,
I noticed that with Slackware they don't include
mod_php in the latest distro. I also noticed some
talk on the web that there was an insecurity
issue with mod_php in a previous version...
|
by: Shufen |
last post by:
Hi all,
Can someone who has use PHP before and know quite well about the
language, tell me what are the stuffs that Python offers and PHP
doesn't. A few examples will be nice. I know about the...
|
by: emilper |
last post by:
Hi,
while using mod_php in apache:
If I am including one .inc file in one page, does it get compiled and
kept in memory so when I include the same file in another page on the
same server, the...
|
by: howachen |
last post by:
hi,
which package you perfer?
mod_php on apache is okay but some people said fastcgi version of php
is faster, is it true?
thanks...
|
by: Vincent Delporte |
last post by:
Hello
I'm interested in hearing reflections by seasoned web app
developpers about the different ways to write PHP apps, and especially
how they compare in terms of performance, whether it's the...
|
by: R.A.M. |
last post by:
Hello,
I am using Fedora 7 Moonshine Linux with Apache installed.
I have installed PHP5 using command: yum install php. Then I configured
httpd adding module mod_php.so to httpd.conf (and other...
|
by: Evil Son |
last post by:
Hello group,
If I switched from mod_php to fast-cgi, would I need to make any
changes to my php source?
Also, will something like APC still be useful?
Will my database connections suddenly...
|
by: setesting001 |
last post by:
How many of you are running Fast CGI instead of the popular mod_php?
I planning to change to fast cgi since my applications need around
15MB memory to handle a single request, so consider if...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| |