suPHP

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

suPHP

Post by matthijs »

With a lot of hosts I have troubles with the permissions setup. Often way too loose permissions (even 777) are needed to run php scripts, etc. Now in one case the webhost offered me to switch a site to use suPHP. That way, if I understood correctly, the php scripts always run as their own owner and there should be less trouble with permissions.

Do you know if this has any other (wanted/unwanted) consequences?
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: suPHP

Post by kaisellgren »

Are there drawbacks to this scenario? I doubt. Have you tried running some scripts?
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: suPHP

Post by Weirdan »

matthijs wrote:Do you know if this has any other (wanted/unwanted) consequences?
As you're not running PHP as apache module you will not have access to apache api. By default apache will not pass basic http auth credentials to your script.
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: suPHP

Post by matthijs »

kaisellgren wrote:Are there drawbacks to this scenario? I doubt. Have you tried running some scripts?
No not yet as I haven't told the webhost to switch the account.
Weirdan wrote:As you're not running PHP as apache module you will not have access to apache api. By default apache will not pass basic http auth credentials to your script.
So what would be the meaning of that? When do you need apache to pass credentials to a script?
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: suPHP

Post by Weirdan »

matthijs wrote:So what would be the meaning of that?
Two separate issues, usually not apparent to those who switch to CGI/FastCGI from mod_php.
matthijs wrote: When do you need apache to pass credentials to a script?
Well, that's obvious - when you need to perform authentication yourself instead of relying on apache to do that.
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: suPHP

Post by matthijs »

Weirdan wrote:
matthijs wrote:So what would be the meaning of that?
Two separate issues, usually not apparent to those who switch to CGI/FastCGI from mod_php.
ok, and what are those issues then?
Weirdan wrote:
matthijs wrote: When do you need apache to pass credentials to a script?
Well, that's obvious - when you need to perform authentication yourself instead of relying on apache to do that.
Obvious to you maybe, but not for me. When do you rely on apache for http credentials? When you use .htaccess and .htpasswd for authentication?
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: suPHP

Post by kaisellgren »

If your script works fine across other HTTPDs, there should be no problem. Try Cherokee, nginx and IIS.
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: suPHP

Post by matthijs »

kaisellgren wrote:If your script works fine across other HTTPDs, there should be no problem. Try Cherokee, nginx and IIS.
great, that shows how much I still have to learn. of those 4 terms I am familiar with 1 :roll: :)
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: suPHP

Post by Weirdan »

matthijs wrote:
Weirdan wrote: Two separate issues, usually not apparent to those who switch to CGI/FastCGI from mod_php.
ok, and what are those issues then?
Weirdan wrote:
  • As you're not running PHP as apache module you will not have access to apache api.
  • By default apache will not pass basic http auth credentials to your script.
Post Reply