Monday, November 9, 2009

what's the difference when PHP is installed as CGI or as an Apache Module

Apache Module gives you *SPEED* since the PHP engine is always running and is part of every child of apache. Also this lets you use persistant database connections.

The issue is that PHP then runs as the same user with the same rights as apache. This can be an issue on a shared server. PHP does have some features that can limit this and still give you the speed benifits.

As a CGI you can use apaches SETUID program to make PHP run as your user account. This gives greater security. The issue is that when the script ends so does the PHP engine. Theirfore every call to a page has a penalty of starting up PHP and then compiling/running the script.

ASAPI Module = Fast, Hard to secure
CGI = Slow, Easier to secure (note that I said easier. Just because you installed the CGI does not mean your secure. By default CGIs are still run as the apache user so by default CGI gives you no more security and slower performance)


No comments: