Sarien Sarien - 2 years ago 103
Perl Question

Is there a difference between apache module vs cgi (concerning security)?

E.g. Is it more secure to use

mod_php
instead of
php-cgi
?
Or is it more secure to use
mod_perl
instead of traditional
cgi-scripts
?

I'm mainly interested in security concerns, but speed might be an issue if there are significant differences.

Answer Source

Security in what sense? Either way it really depends on what script is running and how well it is written. Too many scripts these days are half-assed and do not properly do input validation.

I personally prefer FastCGI to mod_php since if a FastCGI process dies a new one will get spawned, whereas I have seen mod_php kill the entirety of Apache.

As for security, with FastCGI you could technically run the php process under a different user from the default web servers user.

On a seperate note, if you are using Apache's new worker threading support you will want to make sure that you are not using mod_php as some of the extensions are not thread safe and will cause race conditions.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download