+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: General discussion (/forum-11.html)
+--- Thread: Change register_globals? (/thread-665.html)
Pages: 1 2
RE: Change register_globals? - joximu - 05-25-2007 05:11 AM
ok, read...
http://httpd.apache.org/docs/2.2/en/mod/
prefork - Implements a non-threaded, pre-forking web server
worker - Multi-Processing Module implementing a hybrid multi-threaded multi-process web server
http://httpd.apache.org/docs/2.2/misc/security_tips.html#dynamic
Embedded scripting options which run as part of the server itself, such as mod_php, mod_perl, mod_tcl, and mod_python, run under the identity of the server itself (see the User directive), and therefore scripts executed by these engines potentially can access anything the server user can. Some scripting engines may provide restrictions, but it is better to be safe and assume not.
And the other hand:
http://www.php.net/manual/en/install.unix.apache2.php
We do not recommend using a threaded MPM in production with Apache2. Use the prefork MPM instead, or use Apache1. For information on why, read the related FAQ entry on using Apache2 with a threaded MPM
hm...
there are plenty of websites to be read by you :-)
RE: Change register_globals? - Eminos - 05-25-2007 05:18 AM
Cool, thanks
/E
RE: Change register_globals? - raphael - 05-25-2007 08:12 AM
By the way: http://pecl.php.net/package/htscanner
RE: Change register_globals? - joximu - 05-25-2007 05:18 PM
@raphael
well, this is great...
I think it would be a good idea to have some FAQ why use fastcgi and so on (htaccess with php ...). And also why PHP doesn't recommend mpm-worker...
http://www.php.net/manual/en/faq.installation.php#faq.installation.apache2
???
RE: Change register_globals? - raphael - 05-26-2007 05:04 AM
It doesn't recommend PHP + Apache2 worker, but it says it's ok to use it together with fastcgi (which is what ispCP use)
RE: Change register_globals? - joximu - 05-26-2007 06:57 AM
Well, I can read :-)
I hoped to see something like "it's more secure to run php with f(ast)cgi and then you also get more performance with apache mpm-worker..."...
Just looking for infos to put in the FAQ...
/Joximu
RE: Change register_globals? - raphael - 05-26-2007 10:02 AM
lol, sorry
RE: Change register_globals? - ephigenie - 05-26-2007 07:49 PM
yeah actually mpm-worker performs far better than mpm-prefork.
For fastest speed the mpm-event is recommended.
But the speed improvements are related to static file transfers.
Php won't get faster with fastcgi - but much more secure - because of the use of suexec (and later chroot
) The speed of php-fastcgi against mod_php is perhaps 90-95% so fastcgi is a bit slower.
But this is nothing compared to other options like suphp (php will be executed as cgi on every call (10-15% of mod_php's speed
).So fastcgi is the best choice between speed and security.
A small drawback atm is that somehow apache needs a lot of ram to work - but this could be related to some settings for the worker module - we're investigating that