
Is there a difference between Apache module vs CGI (concerning security)?


E.g., is it more secure to use mod_php instead of php-cgi? Or is it more secure to use mod_perl instead of traditional CGI scripts?

I'm mainly interested in security concerns, but speed might be an issue if there are significant differences.


Solution

  • Security in what sense? Either way it really depends on what script is running and how well it is written. Too many scripts these days are half-assed and do not properly do input validation.

    I personally prefer FastCGI to mod_php since if a FastCGI process dies a new one will get spawned, whereas I have seen mod_php kill the entirety of Apache.

    As for security, with FastCGI you could technically run the PHP process under a different user from the default web server's user.

    On a separate note, if you are using Apache's new worker threading support, you will want to make sure that you are not using mod_php, as some of the extensions are not thread safe and will cause race conditions.
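
One way to check a server for the combination the answer warns about (a threaded MPM with mod_php loaded), as an added example that is not part of the original answer. It parses the module listing printed by `apachectl -M`; the function name, the verdict strings and the sample listings are constructed for illustration, and the check treats the event MPM as threaded as well, which goes beyond the worker MPM named in the answer.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper): classify an `apachectl -M` listing.

# check_mpm_php reads a module listing on stdin and prints one verdict:
#   UNSAFE  - threaded MPM (worker or event) with mod_php loaded
#   OK      - prefork with mod_php, or no mod_php at all (e.g. FastCGI setup)
#   UNKNOWN - no MPM module found in the listing
check_mpm_php() {
    local listing mpm php=no
    listing=$(cat)
    # MPMs show up as mpm_prefork_module, mpm_worker_module, mpm_event_module.
    mpm=$(printf '%s\n' "$listing" \
        | sed -n 's/^[[:space:]]*mpm_\([a-z]*\)_module.*/\1/p' | head -n 1)
    # mod_php registers as php5_module, php7_module or php_module (PHP 8).
    if printf '%s\n' "$listing" | grep -Eq '^[[:space:]]*php[0-9]*_module'; then
        php=yes
    fi
    if [ -z "$mpm" ]; then
        echo "UNKNOWN"
    elif [ "$php" = yes ] && { [ "$mpm" = worker ] || [ "$mpm" = event ]; }; then
        echo "UNSAFE"
    else
        echo "OK"
    fi
}

# Constructed sample listings in the format `apachectl -M` prints.
SAMPLE_WORKER_PHP='Loaded Modules:
 core_module (static)
 mpm_worker_module (shared)
 php7_module (shared)'

SAMPLE_PREFORK_PHP='Loaded Modules:
 core_module (static)
 mpm_prefork_module (shared)
 php_module (shared)'

SAMPLE_EVENT_FCGI='Loaded Modules:
 core_module (static)
 mpm_event_module (shared)
 proxy_fcgi_module (shared)'

for sample in "$SAMPLE_WORKER_PHP" "$SAMPLE_PREFORK_PHP" "$SAMPLE_EVENT_FCGI"; do
    printf '%s\n' "$sample" | check_mpm_php
done
```

On a live host the same function takes the real listing: `apachectl -M 2>/dev/null | check_mpm_php`.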