Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Help with php parsing on apache

Posted on 2011-02-22
3
Medium Priority
?
619 Views
Last Modified: 2013-12-13
Is it a good idea to run suEXEC when your using fcgi to parse your php files on apache?
0
Comment
Question by:sparingatom
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 3

Accepted Solution

by:
wwwdeveloper2 earned 2000 total points
ID: 34957531
what issues are you specifically worried about?  Security, stabilization, or what?

Running suEXEC is a good idea for running the applications as different users, especially if you are in a shared hosting environment.  Just understand that there are a lot of assumptions that you are familiar with your system's security or using suExec can open a lot of holes.  

Here is a good article that might be worth you reading if you are planning to go this route.  Just be safe and you can definitely run with this type of setup.

http://httpd.apache.org/docs/current/suexec.html

0
 
LVL 2

Expert Comment

by:schwomp
ID: 34963435
Hello!

> or using suExec can open a lot of holes.  

Could you explain?

I am using suexec with fcgid and it works like a charm.

Bye
0
 
LVL 3

Expert Comment

by:wwwdeveloper2
ID: 34963495
Schwomp -  Check the link I submitted - It is way too much to explain here, but if you want to submit a question maybe it would more help.  

"Used properly, this feature can reduce considerably the security risks involved with allowing users to develop and run private CGI or SSI programs. However, if suEXEC is improperly configured, it can cause any number of problems and possibly create new holes in your computer's security. If you aren't familiar with managing setuid root programs and the security issues they present, we highly recommend that you not consider using suEXEC."  - From Apache
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question