> What's the difference between running with suphp with a standard > unprivileged user and running without suphp and running the scripts > instead with the www-data user? Either way, the script has access to > everything the www-data user has access to or whatever the dummy user > is. The only way I see this being helpful is if each application is > running as its own user individually. > Provides security. Scripts aren't run as webserver user so when you have safe_mode turned off (or someone finds way to go around this) he can read anything what webserver user owns. suPHP is often presented as not suitable solution for masshosting because of poor performance (around 9 times slower than mod_php), but I tested it recently on medium sized hosting and it's beautiful solution for masshosting security and when you need better performance there is nothing else than providing FastCGI for special websites. Let's believe there will be something secure and fast like FastCGI what consumes less memory. P.S.: right, web applications can run as www-data when there is suPHP turned off but they aren't isolated then from each other.
Attachment:
signature.asc
Description: Toto je =?UTF-8?Q?digit=C3=A1ln=C4=9B?= =?ISO-8859-1?Q?_podepsan=E1?= =?UTF-8?Q?_=C4=8D=C3=A1st?= =?ISO-8859-1?Q?_zpr=E1vy?=