So by user nobody, you mean in the httpd.conf file in the <virtualhost tags the user and group?
I have it set to user username and group username for each account, since all of our boxes use SuExec. So mod_perl is safe.... Ok. one other question. If I do upgrade to Mod_Perl, can I still run regular Perl scripts, without using Mod_Perl, or do I have to use one or the other, only. Thank you, Richard. PS> I just replied to the PerlMonks reply you did. Thank you. ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, December 28, 2002 12:08 PM Subject: Re: Apache::Session::MySQL > > Ah. ok. I don't use Mod_Perl, I hear it is a big security risk, since > > it runs as root. Is this true? > > It's not true. The parent process runs as root in order to open port 80, > but that's the same for CGI as well. The child processes that actually > handle requests runs as whatever user you specify in httpd.conf (typically > "nobody"). > > I love how much faster it is, it's not > > that much faster, but enough to make me upgrade all my boxes if it is > > not a security risk. > > If you have clean code (use strict and -w) that will run under mod_perl, > you should definitely take advantage of the speed increase. Depending on > what you're doing, it can make a really huge difference in performance. > I do recommend that you fix your current Apache::Session problem first, > before thinking about converting to mod_perl. > - Perrin > > > > >
