Re: Re: suphp thing

To: debian-webapps@lists.debian.org
Subject: Re: Re: suphp thing
From: Gregory Colpart <reg@evolix.fr>
Date: Mon, 17 Sep 2007 01:46:10 +0200
Message-id: <[🔎] 20070916234609.GC19156@test-scsi>
In-reply-to: <[🔎] 1189976630.17066.25.camel@nauthiz>
References: <[🔎] 42670320709161043i2bc20d96r7b89ec3c87c33d6a@mail.gmail.com> <[🔎] 1189976630.17066.25.camel@nauthiz>

Hello,

On Sun, Sep 16, 2007 at 11:03:50PM +0200, Martin Ambro?? wrote:
> 
> Provides security. Scripts aren't run as webserver user so when you have
> safe_mode turned off (or someone finds way to go around this) he can
> read anything what webserver user owns.
>
> suPHP is often presented as not suitable solution for masshosting
> because of poor performance (around 9 times slower than mod_php), but I
> tested it recently on medium sized hosting and it's beautiful solution
> for masshosting security and when you need better performance there is
> nothing else than providing FastCGI for special websites.
> 
> Let's believe there will be something secure and fast like FastCGI what
> consumes less memory.
> 
> P.S.: right, web applications can run as www-data when there is suPHP
> turned off but they aren't isolated then from each other.

FYI I use apache2-mpm-itk package to run each webapp with a
different user. You just put "AssignUserID <user> <group>" in
your VirtualHost file and that's OK.  I think it's the best way
to have easy and secure masshosting.

Regards,
-- 
Gregory Colpart <reg@evolix.fr>  GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/

Reply to:

References:
- Re: suphp thing
  - From: "Dusty Wilson" <dusty@hey.nu>
- Re: Re: suphp thing
  - From: Martin Ambrož <amsys@trustica.cz>

Prev by Date: Re: Re: Re: suphp thing
Next by Date: Re: Re: Re: suphp thing
Previous by thread: Re: Re: Re: suphp thing
Next by thread: Re: suphp thing
Index(es):
- Date
- Thread