6

I've always believed that PHP works better installed as an Apache module, but recently, someone on a local forum pointed out that running PHP as CGI is better security-wise. I've done some googling and it appears that Dreamhost defaults its PHP installation to working via CGI. Now I'm a little puzzled.

As far as I understand (I'm no sysadmin, just a web developer), there's the problem of user permissions when PHP is installed as an Apache module. And there's the problem of speed when using PHP via CGI (or it was).

What's the recommended way nowadays for installing PHP? On both shared and dedicated hosting.

IonuČ› G. Stan
  • 385
  • 1
  • 4
  • 12

3 Answers3

7

Running PHP as a module is usually more efficient, but means all scripts run under the same user account (what-ever account Apache runs as) which can pose security concerns in a shared environment.

CGI is much slower as it starts a new PHP processes for every request that needs one, but can be configured to run each script as the user that owns it which can be much more secure in a shared environment.

FastCGI can be more of a pain to setup, but comes close to the speed of running as the PHP module.

David Spillett
  • 22,534
  • 42
  • 66
5

Generally speaking, the only reason you would want to run CGI is in a shared environment.

This allows you to have an suEXEC style (see: suPHP) arrangement where scripts are only executed as the owner's UID/GID and have limited permission to anything else on the filesystem.

Otherwise mod_php is far more efficient and often easier to debug.

Dan Carley
  • 25,189
  • 5
  • 52
  • 70
1

With FastCGI I can restart PHP without restarting the server (just kill the PHP processes, server will notice it and immediately restart them).

Kornel
  • 1,075
  • 1
  • 11
  • 16