httpd-dev mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: Is async the answer?
Date Mon, 28 Jan 2008 20:57:23 GMT
Olaf van der Spek wrote:
> 
> I agree that FastCGI is the better technical solution, I'm just
> stating that neither the Apache documentation nor the PHP
> documentation seems to state that. Even worse, they hardly document
> the FastCGI way at all.

FastCGI is a technically subpar way to execute trusted, valid PHP.
So is the handler method; the most efficient is the httpd 2 filter
method, which should work fine since John and I spent a bunch of time
on it.  However, only a CGI SAPI or FastCGI can compartmentalize your
untrusted PHP applications.

People have always been under some preconception that it's good to run
untrusted code in-process within httpd, while numerous "vulnerability"
reports in the past (and many to appear over the future) all bear out
that it's a really stupid idea.

FastCGI is also a so-so way to get around libraries which aren't
thread-safe, running worker or event MPMs.  Of course, using the 21st
century equivalents of those libraries probably isn't a bad solution either.

Bill
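
The compartmentalization discussed in this message, shown as an added configuration example that is not part of the original post or of the httpd project's documentation. It assumes mod_suexec and mod_fcgid are installed; the host names, account names and paths are constructed placeholders.

```apache
# Constructed example: host names, accounts and paths are placeholders.

# In-process PHP (shown commented out for contrast): the interpreter is loaded
# into every httpd child, so every script shares httpd's uid and address space.
# LoadModule php5_module modules/libphp5.so
# <FilesMatch "\.php$">
#     SetHandler application/x-httpd-php
# </FilesMatch>

# Out-of-process PHP: each virtual host's scripts run in separate php-cgi
# processes, started through suexec under that tenant's own uid/gid.
LoadModule suexec_module modules/mod_suexec.so
LoadModule fcgid_module  modules/mod_fcgid.so

<VirtualHost *:80>
    ServerName tenant-a.example
    DocumentRoot /var/www/tenant-a/htdocs
    # FastCGI processes for this host are spawned as tenant-a, not as httpd's user.
    SuexecUserGroup tenant-a tenant-a
    <Directory /var/www/tenant-a/htdocs>
        Options +ExecCGI
        AddHandler fcgid-script .php
        # The wrapper is a small script that execs php-cgi. suexec refuses to
        # run it unless it sits under suexec's compiled-in document root and
        # is owned by the target user and group.
        FcgidWrapper /var/www/tenant-a/bin/php-wrapper .php
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName tenant-b.example
    DocumentRoot /var/www/tenant-b/htdocs
    SuexecUserGroup tenant-b tenant-b
    <Directory /var/www/tenant-b/htdocs>
        Options +ExecCGI
        AddHandler fcgid-script .php
        FcgidWrapper /var/www/tenant-b/bin/php-wrapper .php
    </Directory>
</VirtualHost>
```

With each tenant's tree readable only by its own account, a script under tenant-a.example runs without access to tenant-b's files or to httpd's process memory, which the in-process configuration cannot provide.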
