What is Digg?Sponsored by Travelzoo
Take Advantage of Ridiculously Low Holiday Airfares view!
travelzoo.com - Flights $52 and up for Thanksgiving, Christmas & New Year. But move on it now.
21 Comments
- timdorr, on 10/12/2007, -0/+9Boo for slowness! CGI is horrendously slow because on each and every page view, you have to load up the *entire* PHP environment. It's much better to run things with FastCGI. I posted some instructions on getting that running with PHP5 alongside PHP4 (as a module):
http://timdorr.com/archives/2006/02/php4_and_php4_s.php
You can just as easily adapt that to run PHP4 as a FastCGI too. You get nice SuExec goodness, but none of the slowness of running as just a vanilla CGI. - takeda, on 10/12/2007, -0/+4Geez, I was also afraid to switch to PHP5, I did it, and I had only one script that didn't work (it was one that I didn't upgraded for a year (the problem was just name of one procedure, they fixed it long time ago but because I didn't upgraded it I had a problem)).
I think people who are complaining that PHP5 is not compatible actually never tried to upgrade.
I think it's really worth it, I noticed a speed improvement, and also in one of my own projects, I found the new OO very helpful. - Otto, on 10/12/2007, -1/+5Or you can just dump PHP 4 altogether, and switch to PHP 5 entirely. Makes your setup loads easier to deal with. Plus you won't be running outdated bugridden code anymore.
As for suPHP, it's a good idea, but when it said that it must use PHP as a CGI instead of an Apache Module, I stopped reading. No thanks, I'd rather not make all my scripts run that much slower, thanks. - takeda, on 10/12/2007, -0/+3Peruser is good, but you won't be able to use SSL, and keep-alive.
PS. I hate that the rating buttons are so close to reply link, I accidently clicked to bury your comment (is there any way to cancel that?) - Bogtha, on 10/12/2007, -0/+2Assuming you aren't desperately low on memory, it's actually more efficient to set up each virtual host as an unprivileged user running on a non-standard port, and stick a reverse proxy in front of them all. It also has benefits of non-application-specific caching, the ability to enable/disable modules on a vhost-specific basis, and so on.
- LaCamiseta, on 10/12/2007, -0/+2Or you can simply have PHP run as a CGI file and have the Apache module suexec running, then everything from Perl to Python would be run under the file owner's permissions and you don't have to have the issues of running yet another module.
- takeda, on 10/12/2007, -0/+2Not to mention that any user in that setup can have complete access to other user's web data just from their php script.
Actually running php (and other) scripts as the owner is the best security.
I'm going to digg this story, but only because the comments. Running PHP as a standard CGI is just not worth it...
The peruser MPM would be best if it wouldn't have few drawbacks (SSL won't work, and keep-alive must be off) - crawf061, on 10/12/2007, -1/+3yay for security!
- inactive, on 10/12/2007, -1/+3"Plus you won't be running outdated bugridden code anymore."
PHP5 doesn't guarantee that noobs won't write crappy code anymore. - pgtourdotnet, on 10/12/2007, -0/+1Usually Apache doesn't have any special permissions, but I can see how it might be useful for some hosting companies.
The PHP4/5 with the mix of suPHP is awesome though, I think i'll give it a whirl.
Thanks! - tadorna, on 10/12/2007, -1/+2There are still many PHP scripts that wont run on PHP5, if you need such a script, its nice when you can switch one of your vHost to PHP.
> As for suPHP, it's a good idea, but when it said that it must use PHP as a CGI instead of an
> Apache Module, I stopped reading. No thanks, I'd rather not make all my scripts run that
> much slower, thanks.
If you host many websites for different users on one server, you can't avoid to use either suPHP, SuEXEC CGI-PHP or PHP as fastcgi to run the scripts under different user priveliges. - takeda, on 10/12/2007, -0/+1I found this (although it only applies to FreeBSD users):
http://lists.freebsd.org/pipermail/freebsd-questions/2005-November/103338.html - supernovus, on 10/12/2007, -1/+2Brilliant, then any file editable by the Apache user is editable by every user on the server. I've seen the end results of running php as the apache user. Suexec and SuPHP are essential in the web hosting industry. IMHO.
- alienvenom, on 10/12/2007, -0/+1Being the Gentoo fanboy that I am, I'd like to point out that there is a MUCH MUCH better way of doing this. Unforunately, it requires the use of Gentoo. Some applications like PHP and Apache are "slotted" meaning that they are fundamentally altered so you can have two versions on the same system, such as apache2 with PHP4 and apache1 with php5, (not sure you would do it this, but you could) or some other combination. Obviously you can't run both on the same port, but with mod_proxy, and other apache modules, you can easily run both environments in a different vhost or even a different virtual directory. Clearly this is the better solution because we all know that CGI is significantly slower than the actual apache module.
- greensky, on 10/12/2007, -1/+2I agree that suPHP seems to be a very limited solution. I wonder if something more like PerUser (http://telana.com/peruser.php) might work better. It allows Apache to run each apache child process as its own user and group, each handling its own set of virtual hosts. This means that not only are your php scripts running as a non www/nobody user, but so are your perl scripts, etc.
I would be interested in seeing if anyone else is working on this sort of thing. - takeda, on 10/12/2007, -0/+1It appears that I would be able to run PHP only using CGI or FastCGI, but I could do the same on apache... I know few people who actually set up PHP to run as given user using FastCGI, I never tried it though.
Actually for my needs I guess lighthttpd would be enough, except that I don't think it would work with subversion :((( - inactive, on 10/12/2007, -0/+1Whats *the point* of running PHP4 and PHP5 at the same time?
- greensky, on 10/12/2007, -1/+2Yeah, Peruser isn't perfect, but I think it starts a conversation in the right direction. It's hopeful to see that people want to move this way. I've been looking a little into Ruby on Rails and found lighthttpd (http://www.lighttpd.net/). While it doesn't have the full feature set of Apache it claims to have chroot(), set UID, set GID.
(p.s. I don't know any way to un-digg/un-bury a comment. I'm glad you didn't mean to bury mine) - quipo, on 10/12/2007, -0/+0[plug]
Secure PHP installation on unix/linux systems
http://www.alberton.info/secure_php_installation.html
[/plug] - Otto, on 10/12/2007, -5/+2> There are still many PHP scripts that wont run on PHP5, if you need such a script...
Then you can find one that does run on PHP5. A script that only runs on PHP4 is out of date and probably a security risk to begin with. No thanks. - Egoist, on 10/12/2007, -4/+1"A script that only runs on PHP4 is out of date and probably a security risk to begin with. No thanks."
I'm sorry, but that's the stupidest thing I've heard all day. I had to quote it just for the sheer shock of the ineptitude required to believe such a statement. Wow. We need awards for people like you.
© Digg Inc. 2009
— Content created and posted by Digg users is