Re: Is PHP still slower than Perl?
From: Michael Vilain
Date: 10/03/04
- Next message: Captain Nemo: "This should be easy, but..."
- Previous message: Simon Stienen: "Re: filesize"
- In reply to: Tim Van Wassenhove: "Re: Is PHP still slower than Perl?"
- Next in thread: _at_: "Re: Is PHP still slower than Perl?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sun, 03 Oct 2004 07:41:41 -0700
In article <2s9iveF1hqd7aU1@uni-berlin.de>,
Tim Van Wassenhove <euki@pi.be> wrote:
> In article <vilain-6975D5.21011202102004@comcast.dca.giganews.com>, "Michael
> Vilain <vilain@spamcop.net>" wrote:
> > One thing I'm unconvinced of is security. With database applications, I
> > have to put passwords to the database inside php scripts and they have
> > to be readable by the web server which runs under the nobody UID.
> > Instead, I chose to do parts of my site with Perl CGI and CGIwrap. This
> > allows me to protect the files from group or other access as these
> > scripts run as my account's UID.
>
> But you can use PHP in CGI too. And use suExec to run it under a
> different uid.
>
> > I found recently that you can put such files outside of the server's
> > DOCUMENT ROOT and get access through the php include_path global, but
> > the web server still needs access to the file.
>
> http://shiflett.org/articles/security-corner-mar2004
>
> > One thing I like about php is that each script is stored in the usual
> > place in the user's document directory. The files are executed and the
> > output is displayed without having to put everything in the ScriptAlias
> > directory (usually cgi-bin).
>
> Once again, this is purely a webserver configuration issue.
I think I'm more constrained by how my web hosting company has
configured their web host. Their Apache is compiled without suExec (a
Good Thing[tm], I think) and can I can only run php from Apache as
there's no php command line installed. The mechanism they offer for
running code under my UID is CGIwrap and perl.
I suppose if I wanted to spend the money, I could co-locate a system in
their datacenter and get any hosting environment. But what they offer
is "good enough", only costs $25/month, and the support guy answers the
phone on the 2nd ring, usually. Their security constraints don't get in
the way of me doing web development and I don't have to admin any
machine but my desktop.
-- DeeDee, don't press that button! DeeDee! NO! Dee...
- Next message: Captain Nemo: "This should be easy, but..."
- Previous message: Simon Stienen: "Re: filesize"
- In reply to: Tim Van Wassenhove: "Re: Is PHP still slower than Perl?"
- Next in thread: _at_: "Re: Is PHP still slower than Perl?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
