[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Document the bug fix policy regarding PHP Safe Mode

* Andreas Gredler:

> On Wed, Jul 13, 2005 at 08:31:25PM +0200, Florian Weimer wrote:
>> <h2>Alternatives</h2>
>> <p>Most large ISPs who run customer PHP scripts on shared hosting
>> servers do not use <code>mod_php</code> (or other forms of direct
>> integration into a web server), but use the CGI version of PHP, <a
>> href="http://httpd.apache.org/docs/suexec.html";>suEXEC</a>, and a
>> different user account for each customer and proper permissions.  This
>> way, the operating system enforces the usual restrictions.</p>
> Is there a security related difference between running suexec and
> running mod_php with suphp?

I don't think so, but I'm not familiar with suphp.  In the meantime,
I've been told that people like the performance improvement compared
to suexec and the CGI approach, but that's all I know about it.

Reply to: