Mailinglist Archive: opensuse (929 mails)

< Previous Next >
Re: [opensuse] public_html security

On 14-03-23 09:37 PM, Cristian Rodríguez wrote:
El 23/03/14 22:04, Ted Byers escribió:

What is PHP FPM.

Esentially is a modern version of php-fastcgi

and, if I were to create a PHP CGI script, why would I
use it (and would I write that code differently than what I ought to do
using only PHP with the Apache module)?

You do not need to write different principle :-)

Hmmm. the last time I looked at FastCGI (in one case for C++ and in the other for Perl), which admittedly was a while ago, the code needed to be structured differently, with a loop that runs forever, listening for requests, which then invoked the function call appropriate tot eh request (and the content of that function call was basically what would have otherwise been the CGI script), and extra care was required to ensure that request data did not bleed through one request to the next.

Do you know, off hand, whether or not WordPress would run properly (and securely) if Apache was configured to execute all PHP code using FPM instead of mod_php? (Or should I ask that on the WordPress forum?)

Why use it..well..where I start..

- It is probably the only thing developers are using and paying attention to.

- It allows you more fine granted control of what the scripts can do.

- It runs in a memory space separate from the webserver. this is important. if you can compromise the interpreter due to a bug when running as an apache module, you can as well take control of everything running on the apache installation, load nasty modules, alter the webserver process.. oh boy.

- It can be integrated with systemd and do all sorts of cool stuff -->

What is your take on Facebook's Hack with HHVM, as a putative replacement for PHP FPM?

Thanks. It looks like I have some investigation to do.


To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >