Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CGI vs Module

Status
Not open for further replies.
jjpetrucelli

jjpetrucelli

Programmer
Dec 5, 2003
99
0
0
US
Im not finding any information that can lead me to the difference between installing PHP as CGI or a Module. I have info, it just hasnt been enough for me to understand. I am not familiar with the effects of the differences. I am transforming a site from CF to PHP and I know that within the CF there are some CGI scripts. The website I am working on is about 100% dynamic and will utilize the PHP. Can anyone give me some more info, suggestions, or point me in the right direction for info? Please let me know if I am not clear of if you have any questions to clarify my situation.
 
Sort by date Sort by votes
Module is usually less resource intensive because it does not require the expense of an 'exec()' call and uses a little less memory for subsequent calls.

CGI can be made more secure in some environments because the php script can run under different user permissions than the web server.
 
Upvote 0 Downvote
Some things work differently e.g. you have to use the module to do http authentication.
I wonder if anyone knows why ?, i thought it was all to do with headers
 
Upvote 0 Downvote
That sounds strange to me. If you require .htaccess in your, it should require authentication.

Yep, I just tried it and it worked. You can't htaccess protect a ScriptAlias directory, but you can put your scripts in a normal directory, require authentication in instruct apache to dispatch the script based on extension.
 
Upvote 0 Downvote
mmmm my source must be wrong !, i'll try to find it !
 
Upvote 0 Downvote
I see what you're saying. PHP can intercept the Auth Handler of apache. You are right, you can't override the Auth Handler except in a module, you can still protect your CGIs using an auth handler that *is* installed.
 
Upvote 0 Downvote
ericbrunson or anyone ~ the pro's of both mod and cgi sound interesting, of course both speed and security are of major interest. Can you give me an example of a scenario of when the php script can run under different user permissions than the web server? Im trying to figure out if i can go with the module for speed (less resources) while not negotiating any security...
 
Upvote 0 Downvote
i like this quote from the linked page;

"If you aren't familiar with managing setuid root programs and the security issues they present, we highly recommend that you not consider using suEXEC."

I think that was written specifically for me, so it sounds like I want php as a module?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

johngiggs
  • Locked
  • Question
PHP 5.3.3 vs. PHP 5.4.16
Replies
8
Views
82
johngiggs
johngiggs
aa__live
  • Locked
  • Question
php loading modules query 2
2
Replies
39
Views
228
aa__live
aa__live
kjv1611
  • Locked
  • Question
Or vs || 2
Replies
5
Views
61
kjv1611
kjv1611
svar
  • Locked
  • Question
Local vs remote database 2
Replies
8
Views
62
feherke
feherke
peterv12
  • Locked
  • Question
fetch vs. fetch_object in PDO, which to use when?
Replies
2
Views
23
peterv12
peterv12

Part and Inventory Search

Sponsor

Back
Top