PHP as CGI or Apache Module

Forum Moderators: coopster

Message Too Old, No Replies

PHP as CGI or Apache Module

What's the difference?

ebloggy

8:02 am on Sep 12, 2003 (gmt 0)

I would like to know what's the difference when PHP is installed as CGI or as an Apache Module.

If as CGI, does it mean that all PHP scripts must come from cgi-bin?

It there greater security when using CGI?

When using CGI, does it actually restrict anything as opposed to Apache Module?

Thanks in advance.

daisho

3:50 pm on Sep 12, 2003 (gmt 0)

Apache Module gives you *SPEED* since the PHP engine is always running and is part of every child of apache. Also this lets you use persistant database connections.

The issue is that PHP then runs as the same user with the same rights as apache. This can be an issue on a shared server. PHP does have some features that can limit this and still give you the speed benifits.

As a CGI you can use apaches SETUID program to make PHP run as your user account. This gives greater security. The issue is that when the script ends so does the PHP engine. Theirfore every call to a page has a penalty of starting up PHP and then compiling/running the script.

ASAPI Module = Fast, Hard to secure
CGI = Slow, Easier to secure (note that I said easier. Just because you installed the CGI does not mean your secure. By default CGIs are still run as the apache user so by default CGI gives you no more security and slower performance)

daisho

Friday

1:47 am on Sep 13, 2003 (gmt 0)

It's also my understanding that there are limitations when running PHP as a CGI process; e.g: the inability to manipulate Environmental and/or header variables ( Or something like that ,I "think").

daisho

4:21 am on Sep 13, 2003 (gmt 0)

You can do both in a CGI.

jatar_k

5:58 pm on Sep 13, 2003 (gmt 0)

My primary issue has always been speed.