suPHP - secure/reliable?
jonas at schiebtsich.net
Thu Nov 3 16:03:32 GMT 2005
Hi M.L., Sam,
> > Does anyone have anything to say about suPHP, either good or bad stuff ?
> > I'd like your opinions.
this reply is a bit late, but still helpfull I hope, since nobody using suPHP
answered your request.
I am currently using suPHP and it works quite nice. It's not as strict as
suexec when it comes to file and directory permissions, but it still enforces
some sane defaults and it's very fast and easy to set up (install suphp and
php ports, set suPHP_Engine On in your vhosts and there you go).
The downside of it (and this is why I'm thinking about switching to the
FastCGI solution) is that for every request, a php process needs to be
spawned, which can give your server hard time if you get a wave of something
like 100 requests within a few seconds. I get this a few times every day on a
server with ~100 customers, it usually results in a load of 25+.
So if you're looking for something which is fast and easy to set up, for only
a couple of users go with suPHP. The better solution is FastCGI, though.
On Saturday 08 October 2005 02:52, Sam Nilsson wrote:
> If you are interested in taking this route I may be able to help you
> with the little details.
I'd be really intrested to hear some few details about installation through
the ports. From what I saw in the FastCGI documentation you need to do some
strange configuration changes to your httpd.conf, so that .php files are
properly passed to the FastCGI handler and that they'll be executed under the
correct user. Could you share a quick overview what you did to get this up
and running, apart from makeing install?
More information about the freebsd-questions