Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:33033
Return-Path: <mark@suso.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 13231 invoked by uid 1010); 5 Nov 2007 19:32:59 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 13216 invoked from network); 5 Nov 2007 19:32:59 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 5 Nov 2007 19:32:59 -0000
Authentication-Results: pb1.pair.com smtp.mail=mark@suso.org; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=mark@suso.org; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain suso.org designates 216.9.132.134 as permitted sender)
X-PHP-List-Original-Sender: mark@suso.org
X-Host-Fingerprint: 216.9.132.134 mail.suso.org Linux 2.5 (sometimes 2.4) (4)
Received: from [216.9.132.134] ([216.9.132.134:50846] helo=arvo.suso.org)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 31/E1-03007-AEF6F274 for <internals@lists.php.net>; Mon, 05 Nov 2007 14:32:59 -0500
Received: by arvo.suso.org (Postfix, from userid 509)
	id C719588105; Mon,  5 Nov 2007 19:32:00 +0000 (GMT)
Date: Mon, 5 Nov 2007 19:32:00 +0000
To: Alexey Zakhlestin <indeyets@gmail.com>
Cc: internals@lists.php.net
Message-ID: <20071105193200.GF12944@arvo.suso.org>
References: <20070826193146.GQ16782@arvo.suso.org> <46D1ED8A.2060302@zend.com> <20070827024804.GS16782@arvo.suso.org> <46D26834.9040001@lerdorf.com> <20071105171202.GA12944@arvo.suso.org> <cd5680a20711051035i3feee5fat2da7b6726906d547@mail.gmail.com> <20071105184158.GD12944@arvo.suso.org> <cd5680a20711051102n112c872ax63c1441f7c107e91@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <cd5680a20711051102n112c872ax63c1441f7c107e91@mail.gmail.com>
User-Agent: Mutt/1.5.11
Subject: Re: [PHP-DEV] Safe mode being removed in PHP6?
From: mark@suso.org (Mark Krenz)

On Mon, Nov 05, 2007 at 07:02:05PM GMT, Alexey Zakhlestin [indeyets@gmail.com] said the following:
> Did you just ignore the part about fastcgi?
>

  No I didn't, I just feel that fastcgi/suexec/mod_suphp doesn't handle
all of the ready to run programs out there completely. Besides that, the
whole point of PHP was that it was made to be part of Apache originally,
so why not just have us all write Perl scripts?

  See, my problems with PHP setups come down to this:

   A. I could run PHP without safe mode and only have open base dir on
      and be wide open for breaches.

   B. I could run mod_suphp/suexec/fastcgi for everyone and then certain
      programs would not run right. Performance would take a bit of a
      hit.  People would say "Why are you running it like that, you're dumb,
      etc."  My impression of this scenario is based on a few years old
      information, testing and perhaps not enough research so maybe I should
      look into this method again.

   C. I could use the metux MPM, but then I couldn't do SSL, which means
      no ecommerce sites.

   D. I could run things the way I have it now, but that won't last
      because PHP 6 is on the way.

   E. I could run Apache chroot and have 50 instances of Apache running
      on a server.  Performance would no doubt take a hit, even with
      lots of CPUs and RAM.  I have also planned for about 200 users per
      server so I'd be losing a lot that way.  Complexity would go way up as
      well as management time and I'd have to deal with users messing up their
      chroot environments.

   F. Try to get the mpm-itx setup working, but that's an unknown right
      now.

  I should have taken that sign more to heart that I read one time:
"Formula for failure: Try to please everybody".

  Mark

 

-- 
Mark S. Krenz
IT Director
Suso Technology Services, Inc.
http://suso.org/