[kwlug-disc] Security arguments

Khalid Baheyeldin kb at 2bits.com
Tue Sep 22 15:02:05 EDT 2009

> One way in which Apache could improve is to make privilege separation
> easier. On a shared host, there is no reason why my insecure PHP
> scripts and your fully-patched Drupal installation should be running
> under the same user ID. But you see that sort of thing all the time.

Apache has that feature via suExec.


If you are using static content, it is directly usable.

If you are using dynamic content, it prevents you from using mod_php, the
fastest way of running PHP. In practice, shared hosts force you to use CGI,
which is fine for a low-traffic site, but very inefficient if your site gets
a medium amount of traffic.

I see that fcgid (FastCGI support with process management) says it supports
SuExec too:


This is very promising since it addresses the scalability issue. I have yet
to try it.

Khalid M. Baheyeldin
2bits.com, Inc.
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
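
The setup discussed in this message (a separate user ID per site via suExec, with PHP served through mod_fcgid instead of mod_php), as an added configuration sketch that is not part of the original post. It assumes mod_suexec and mod_fcgid are loaded; the user names, hostnames and paths are hypothetical, and `FcgidWrapper` is the directive name in current mod_fcgid releases (older releases call it `FCGIWrapper`).

```apache
# Constructed example: two tenants on one shared host, each with its own
# Unix account. Access-control directives are omitted for brevity.

<VirtualHost *:80>
    ServerName alice.example.org
    DocumentRoot /var/www/alice/htdocs

    # CGI and FastCGI processes for this vhost are started through the
    # suexec helper and run as alice:alice, not as the Apache user.
    SuexecUserGroup alice alice

    <Directory /var/www/alice/htdocs>
        Options +ExecCGI
        AddHandler fcgid-script .php
        # The wrapper is a small script that execs php-cgi. suexec refuses
        # to run it unless it is owned by alice:alice, is not writable by
        # group or others, and lives under suexec's compiled-in docroot.
        FcgidWrapper /var/www/alice/fcgi-bin/php-wrapper .php
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName bob.example.org
    DocumentRoot /var/www/bob/htdocs

    # A different account: a flaw in bob's scripts yields bob's file
    # permissions only, so alice's files stay out of reach as long as
    # they are not world-readable or world-writable.
    SuexecUserGroup bob bob

    <Directory /var/www/bob/htdocs>
        Options +ExecCGI
        AddHandler fcgid-script .php
        FcgidWrapper /var/www/bob/fcgi-bin/php-wrapper .php
    </Directory>
</VirtualHost>
```

With this layout, `ps -eo user,args | grep php-cgi` on the host should list the PHP processes under the tenant accounts rather than under the web server's own user.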