Olaf van der Spek wrote:

I agree that FastCGI is the better technical solution; I'm just
stating that neither the Apache documentation nor the PHP
documentation seems to state that. Even worse, they hardly document
the FastCGI way at all.

FastCGI is a technically subpar way to execute trusted, valid PHP.
So is the handler method; the most efficient is the httpd 2 filter
method, which should work fine since John and I spent a bunch of time
on it. However, only a CGI SAPI or FastCGI can compartmentalize your
untrusted PHP applications.

People have always been under some preconception that it's good to run
untrusted code in-process within httpd, while numerous "vulnerability"
reports in the past (and many to appear over the future) all bear out
that it's a really stupid idea.

FastCGI is also a so-so way to get around libraries which aren't
thread-safe, running worker or event MPMs. Of course, using the 21st century
equivalents of those libraries probably isn't a bad solution either.

Bill
