Re: Re: suphp thing

["Dusty Wilson" <dusty@hey.nu>]

On 9/16/07, Martin Ambrož <amsys@trustica.cz> wrote:

> What's the difference between running with suphp with a standard
> unprivileged user and running without suphp and running the scripts
> instead with the www-data user?  Either way, the script has access to
> everything the www-data user has access to or whatever the dummy user
> is.  The only way I see this being helpful is if each application is
> running as its own user individually.
>
Provides security. Scripts aren't run as webserver user so when you have
safe_mode turned off (or someone finds way to go around this) he can
read anything what webserver user owns.

suPHP is often presented as not suitable solution for masshosting
because of poor performance (around 9 times slower than mod_php), but I
tested it recently on medium sized hosting and it's beautiful solution
for masshosting security and when you need better performance there is
nothing else than providing FastCGI for special websites.

Let's believe there will be something secure and fast like FastCGI what
consumes less memory.

P.S.: right, web applications can run as www-data when there is suPHP
turned off but they aren't isolated then from each other.

Are you suggesting that each application would have its own user? 
I think that's the only way what you're suggesting would be useful.