Re: Document the bug fix policy regarding PHP Safe Mode
* Andreas Gredler:
> On Wed, Jul 13, 2005 at 08:31:25PM +0200, Florian Weimer wrote:
>> <p>Most large ISPs who run customer PHP scripts on shared hosting
>> servers do not use <code>mod_php</code> (or other forms of direct
>> integration into a web server), but use the CGI version of PHP, <a
>> href="http://httpd.apache.org/docs/suexec.html">suEXEC</a>, and a
>> different user account for each customer and proper permissions. This
>> way, the operating system enforces the usual restrictions.</p>
> Is there a security related difference between running suexec and
> running mod_php with suphp?
I don't think so, but I'm not familiar with suphp. In the meantime,
I've been told that people like the performance improvement compared
to suexec and the CGI approach, but that's all I know about it.