Jille Timmermans wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello hackers!
I was thinking of creating a more secure environment for running
webscripts (mod_php in my case),
I want to run php scripts as their owner.
I tought of the following scheme's:
http://junk.quis.cx/fViKmLRi/apache-user-scheme-p1.png
http://junk.quis.cx/bPkxwAbI/apache-user-scheme-p2.png
.....
The image in p2, is roughly what the 'perchild' MPM tried to do.
Its all feasible, its mostly a question of having a willing developr to
iron out all of the bugs on perchild or start with a new code base.
....
How do you think about this idea ?
It does decrease the performance a bit (Workers should parse the
request, put it in some shm, Executive should pick it up from the shm
and really run the php-script (See the links above for the terms Worker
and Executive)
But if the option is not specified it is possible to do it 'the old way'.
Would it be possible to implement this as an MPM, or MOD ?
Yes, it should be possible to do this in an MPM.
Not to discourage you, but this is a hard problem, and many hours have
been spent on it before without much resulting, but I would welcome
someone who wants to do it :-)
-Paul
