Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CGI Binary or PHP as Apache module 1

Status
Not open for further replies.
jamor1999

jamor1999

Technical User
Jun 26, 2001
182
US
Hi everyone,

I don't know whether this post belongs here or in the Apache board, but here goes.

I've been reading (just started playing with Apache for Windows and PHP) and I found something at PHP.net regarding security issues in the CGI Binary install.

Now, I don't understand most of what's explained on the site in either the CGI Binary or Apache Module sections.

Would anyone be willing to put it all in laymen's terms for me? I just want to know which installation I should shoot for, and I would like to understand why one is the better option.

Thanks!
 
Sort by date Sort by votes
I always recommend running PHP as an Apache module. You get the best performance and the greatest functionality.

You can, for example, use Apache .htaccess security and make the login credentials available to PHP. This is only possible of PHP is running as an Apache module.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
I remember back in the day, when you could call php to cat peoples passwd files. That was funny. Then they patched it and logged your IP address if you attempted it.

I wouldn't be too worried. PHP is fairly secure as a binary interpreter. They have gone to alot of trouble to make this possbile.

"CERT advisory CA-96.11 recommends against placing any interpreters into cgi-bin. Even if the PHP binary can be used as a standalone interpreter, PHP is designed to prevent the attacks this setup makes possible"

Nothing is 100% secure... humans code, and humans error... therefore I'm sure as time goes by someone who has too much time will thumb through the source and find a breach... however I wouldn't worry myself over it.

I have run (but prefer not) PHP as a CGI within the cgi-bin. I find that the module makes my life easier, however it is my life. ;)

I wouldn't be too concerned about it. I haven't seen any security issues come across my desk for some time about the PHP CGI, but thats just my 2 cents. [morning]

- "Delightfully confusing..." raves The New York Times

-kas
 
Upvote 0 Downvote
How exactly would I place the interpreter in the cgi-bin in apache?

A guess, move E:\php4\php.exe to
E:\Program Files\Apache Group\Apache\cgi-bin

and edit my httpd.conf file accordingly????
?????

Just want to make sure I know what I'm trying to avoid

And I'm sorry if I sound like a complete doe - doe :)

One more question, while I have the experts' attention: what's your favorite online resource for info (preferably for beginners) on Apache?

Thanks so much by the way!

 
Upvote 0 Downvote
Now that, my friend is a Apache question. I retain enough knowledge about setting up Apache to forget it once I'm done. ;)

- "Delightfully confusing..." raves The New York Times

-kas
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

cdlvj
  • Locked
  • Question
PHP Debugging
Replies
1
Views
497
cdlvj
cdlvj
W
  • Locked
  • Question
how to send checked row data in php
Replies
0
Views
338
wiltang2004
W
SashaBuilder3
  • Locked
  • Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
690
SashaBuilder3
SashaBuilder3
PeDa
  • Locked
  • Question
Unwanted spaces in php HTML mail 1
Replies
4
Views
513
PeDa
PeDa
Mandy_crw
  • Locked
  • Question
How to send sms in PHP using usb gsm modem?
Replies
1
Views
619
vishvajit
vishvajit

Part and Inventory Search

Sponsor

Back
Top