PHP: CGI vs Apache


#1

Ok, I’m totally frustrated with my Dreamhost + PHP experience thus far.

I set it to use Apache rather than CGI because I want custom 404 messages as well as to be able to use things like php_value auto_prepend_file in htaccess. Is there a place where I can learn more about the security implications of this?

Also, perhaps related to my config choice, I keep running into things I can’t do, like Exec.

Then there are functions that are supposed to work, like exif_read_data and str_split, which say they are not defined.

Am I missing something completely obvious? Are these all because I wanted to use PHP as an Apache module? Do I need to compile my own PHP? (If I do that, will I lose my ability to use htaccess?)

Utterly frustrated, PHP novice, so I’d appreciate any help, even RTFM with pointers as to where I’m supposed to read up.

Thanks


#2

I’m very much new to Dreamhost, but so far I’ve been quite pleased with the offerings, technology-wise. I believe running PHP as an Apache module basically boils down to sacrificing security for performance since everything runs as the Apache user. On a shared server running PHP as an Apache module, it’s very easy to mess with other users on the box unless you lock down certain stuff with safe mode. If you really need to run PHP as an Apache module and also use stuff like exec, it may make more sense to look into a dedicated server.

This is a good starting point for PHP security info:
http://www.php.net/manual/en/security.index.php

But, like I said, I’m very new here, so I may not be a qualified judge of what scripting options are/should be available.
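A diagnostic for the symptoms discussed in this thread, added here as an example (not code from any poster or from Dreamhost): it reports which SAPI serves the request and which user PHP runs as, then classifies why `exec`, `exif_read_data` and `str_split` cannot be called. The helper name `why_unavailable` is made up for this example; the checks rely on `str_split` having been introduced in PHP 5.0.0 and on `exif_read_data` being provided by the `exif` extension.

```php
<?php
// Added diagnostic example (not from the thread). Request it through the web
// server once under each handler (module and CGI) and compare the output.

// Classify why a function cannot be called in this build/configuration.
// $extension: extension that provides it (null for core functions).
// $minVersion: PHP release that introduced it (null if not relevant).
function why_unavailable($name, $extension = null, $minVersion = null)
{
    // Check disable_functions first: older PHP releases still report a
    // disabled function as existing, newer ones report it as missing.
    $disabled = array_filter(array_map('trim', explode(',', (string) ini_get('disable_functions'))));
    if (in_array($name, $disabled, true)) {
        return 'listed in disable_functions';
    }
    if (function_exists($name)) {
        return null; // callable
    }
    if ($minVersion !== null && version_compare(PHP_VERSION, $minVersion, '<')) {
        return "needs PHP >= $minVersion, running " . PHP_VERSION;
    }
    if ($extension !== null && !extension_loaded($extension)) {
        return "extension '$extension' not compiled in or not loaded";
    }
    return 'not defined in this build';
}

// Effective user of the PHP process: the shared web server user under the
// Apache module, normally the account owner under a per-user CGI setup.
$user = 'unknown (posix extension not available)';
if (function_exists('posix_geteuid')) {
    $uid  = posix_geteuid();
    $info = function_exists('posix_getpwuid') ? posix_getpwuid($uid) : false;
    $user = ($info ? $info['name'] : '?') . " (uid $uid)";
}

header('Content-Type: text/plain');
echo 'SAPI:        ', php_sapi_name(), "\n"; // e.g. apache2handler, cgi, cgi-fcgi
echo 'PHP version: ', PHP_VERSION, "\n";
echo 'Runs as:     ', $user, "\n";
echo 'safe_mode:   ', ini_get('safe_mode') ? 'on' : 'off or not supported', "\n\n";

$checks = array(
    array('exec', null, null),
    array('exif_read_data', 'exif', null),
    array('str_split', null, '5.0.0'),
);
foreach ($checks as $c) {
    $reason = why_unavailable($c[0], $c[1], $c[2]);
    echo str_pad($c[0], 16), $reason === null ? 'available' : "UNAVAILABLE: $reason", "\n";
}
```

Delete the file once you have the answer, since its output discloses configuration details of the host.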


#3

RTFM and commentary:
https://panel.dreamhost.com/kbase/index.cgi?area=2526

Basically, if you run everything as php-cgi you can do almost anything you like. I suppose there’s a bit of give and take but for the most part I’ve given in to running php as cgi. You can set it in the panel or root htaccess to NOT run as php-cgi then localize that (php-cgi) to certain dirs based on need by way of htaccess if that helps at all. If you’d like to “turn on” php-cgi via htaccess insert the line:

AddType php-cgi .php

Hope that was helpful.

jason