Hi,

I hope this is not too off-topic - otherwise tell me and I'll post a
follow-up to whatever place you think would be more appropriate.

I never liked the idea of running mod_php in a virtual hosting
environment, thus I sought alternatives. I stuck to the
"PHP Patch for cgiwrap" which has now run reliably for several months
on a production server.

  http://www.klaban.torun.pl/patches/cgiwrap/

Unfortunately, this patch was never approved by the cgiwrap dev team
(it was silently ignored).

Today I stumbled over mod_cgi / mod_phpcgiwrap which aims to do the
same thing: invoking the PHP binary transparently to the user, thus
being a real alternative to mod_php.

  http://steven.haryan.to/mod_cgiwrap/mod_cgiwrap.html

But the latter does not look very trustworthy, for example he suggests
the following:

  Q: HTTP Authentication with PHP does not work.
  A: Recompile Apache with -DSECURITY_HOLE_PASS_AUTHORIZATION

without even mentioning possible risks of activating a "SECURITY_HOLE"
(although I do not exactly know what this parameter does, the
programmer's credibility is no longer very high).

Do any of you have experience with the aforementioned patches
(regarding security)? Yes, I know CGI is much slower than the module,
but I absolutely need the script running "as user", as I'm calling
imagemagick.org from shell (and yes, I know there is an EXPERIMENTAL
php module for imagemagick).
  
Daniel



-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
