Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:74064 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 98222 invoked from network); 8 May 2014 15:30:36 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 8 May 2014 15:30:36 -0000 Authentication-Results: pb1.pair.com header.from=tyra3l@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=tyra3l@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.46 as permitted sender) X-PHP-List-Original-Sender: tyra3l@gmail.com X-Host-Fingerprint: 209.85.216.46 mail-qa0-f46.google.com Received: from [209.85.216.46] ([209.85.216.46:56717] helo=mail-qa0-f46.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 60/53-15882-913AB635 for ; Thu, 08 May 2014 11:30:34 -0400 Received: by mail-qa0-f46.google.com with SMTP id w8so2721240qac.33 for ; Thu, 08 May 2014 08:30:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=zTwLgq3WWEKe8Lx/urOsIAk4fOs3fC9opc1I/c+fTvk=; b=M+jjUDaHt9IWb2EVlfbNBGCfTYq/phjA4jIha7pUttJKCevdQplGbDcqz8fiTzXaBj C7n7NMof0wpXfP9nyMVhR9JG3keXbVvIkFhbrGlY/fud+oWZgHGsJa+TRp7IeY3OhTBB Zm8vWND7XygwN1ET14wxs5Lyide7TF309Xy0QdA49/IxfoZHseYtQbBkeg5iNKdNM5lJ RUffLTbX9ZrlJM5/Z++vpO4pLDqfeDlSVHiw7NTUHbNbrYLfiXgSoX+OTCPLTOdQt0I6 PY5LxtIVkFXXzmYOz5WernQ2bmhCqfFT3I2FePR5D959Oh5hD221FLlG8xmcOOheKCPF 9aRg== MIME-Version: 1.0 X-Received: by 10.140.90.84 with SMTP id w78mr5757337qgd.52.1399563031170; Thu, 08 May 2014 08:30:31 -0700 (PDT) Received: by 10.140.17.34 with HTTP; Thu, 8 May 2014 08:30:30 -0700 (PDT) In-Reply-To: <7B1422B2-8D2C-47AF-BEB6-1C6DF9BB043D@ajf.me> References: <5369CED9.5010001@php.net> <4339111475046055305@unknownmsgid> <578A5A21-A820-42AD-A218-FB8049F63B82@zend.com> <4023102707179619765@unknownmsgid> <7EA5660E-B264-4332-AE06-9BB4610050AB@zend.com> <-1685780700287010055@unknownmsgid> <7B1422B2-8D2C-47AF-BEB6-1C6DF9BB043D@ajf.me> Date: Thu, 8 May 2014 17:30:30 +0200 Message-ID: To: Andrea Faulds Cc: Zeev Suraski , Andi Gutmans , Sebastian Bergmann , "internals@lists.php.net" Content-Type: multipart/alternative; boundary=001a11c117a850807304f8e5290e Subject: Re: [PHP-DEV] phpng: Refactored PHP Engine with Big Performance Improvement From: tyra3l@gmail.com (Ferenc Kovacs) --001a11c117a850807304f8e5290e Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Thu, May 8, 2014 at 4:37 PM, Andrea Faulds wrote: > > On 8 May 2014, at 15:29, Ferenc Kovacs wrote: > > > I think this actually shows how little understanding there is in the mark= et > in terms of how easy migrating to FastCGI is. > > > setting up fastcgi is a bit more complicated for the less tech savy peopl= e. > it adds another step of indirection, stuff like using mod_fcgid or > mod_fastcgi, using unix sockets or tcp, setting up the correct timeout > settings through the pipe, max request length, etc. > > > It=E2=80=99s also easier for new users to configure it wrong. A lot of se= rvers > have been misconfigured with FastCGI and have PATH_INFO-related exploits. > You can=E2=80=99t make the same mistake with mod_php. > -- > Andrea Faulds > http://ajf.me/ > > > > > apache+mod_php also had it's fair bit of insecure default configurations until distros figured out how to properly set it up: http://ilia.ws/archives/226-Beware-of-the-default-Apache-2-config-for-PHP.h= tml --=20 Ferenc Kov=C3=A1cs @Tyr43l - http://tyrael.hu --001a11c117a850807304f8e5290e--