[Nottingham] suPHP
Frederic Vagner
fred at vagner.me.uk
Sat Jul 24 17:22:14 UTC 2010
Hello,
Yes, I use it sometimes, it is quite good as it runs your scripts with
your user instead of the user apache, no downside so far except you have
to change all the settings of the websites used to work with apache.
Also, you have to make sure that your websites are securely setup and
that there is no bug in your PHP scripts, as someone could harm your
website if he got to execute a PHP script in it. For that reason, it is
usually better to run a php script with apache as it would usually not
allow a hacker to create a file or modify it if you files use the
correct permissions (644).
Cheers
Fred
On Sat, 2010-07-24 at 17:55 +0100, Martin wrote:
> Folks,
>
> Anyone using suPHP with Apache2?
>
>
> "suPHP is a tool for executing PHP scripts with the permissions of their
> owners. It consists of an Apache module (mod_suphp) and a setuid root
> binary (suphp) that is called by the Apache module to change the uid of
> the process executing the PHP interpreter."
> http://www.suphp.org/Home.html
>
> Secure PHP Pages with SUPHP
> http://itc.virginia.edu/server/web/php/suphp.html
>
>
> Good, bad, or not needed?
>
> Cheers,
> Martin
>
More information about the Nottingham
mailing list