If someone can answer this for me adequately, I will be SO appreciative. There's a lot written here, but I don't need one line of code...just some good advice to help me understand.
For a while now I've provided clients with custom CMS to fit their pages, written by me. The two main methods of writing their content are:
1) After the user submits updates or new pages, PHP writes out the new or modified file
2) After the user submits updates, PHP updates a MySQL database with changes
In situation (1), it's supposedly better because there is less server load due to less MySQL queries. The end-user is just viewing straight up HTML and no querying is really happening. In situation (2), the end user obviously is viewing page content from a database which may (slightly?) increase server load.
However, a HUGE obstacle I have is that in situation (1), we have major security issues. To allow PHP to write to files, Apache has to be set up as the user for your whole web content directory (otherwise no permission to write out or modify files). My security guys say that you want to seriously limit the number of directories that Apache can write to...because if the site is ever compromised, hackers will use Apache to go nuts to all those directories. So, it seems solution (1) is pretty insecure.
So, it seems that to let PHP write out files causes security risks, especially if PHP is allowed to write to the public directories of my site.
But it seems that having all my content pulled from a database is slower?
My question is, then, how do the CMS systems like Drupal, Joomla, etc. do it? It seems they cache pages, but wouldn't they have to do something similar to obtain permissions? And is it really THAT much slower to allow all my content to be pulled from a database? Doing that seems easier in many ways.
Thanks!
Start Free Trial
