>Hi, >I am not sure if it is a right email address to ask question, if it is not >plz disregard this email :) >if it is this is my Q: >I am reading a book about php, in its security section, it says " it is more >secure, as well as more efficient when installing PHP, to install PHP as a >SAPI module for your Web server that to run it via the CGI interface" >do you know how can I do that? what is SAPI? >Thank you for your time
It's definitely more efficient. A case could be made for times when using PHP as a CGI (via suExec) could be "more secure" for doing certain kinds of things, though. I'm not at all there there's any real security difference from Module/CGI even without the caveats. Anyway, a SAPI allows PHP to live like a wart on the back of the web server. So, like, it becomes a part *OF* the web-server which is *already* running, and waiting to serve up web pages, and if PHP is already there, it just calls the main PHP function to start doing PHP. There is ISAPI for IIS, and ASAPI for Apache and so on. API is A-something Programming Interface or some such, and it's just a fancy acronym for saying "we designed a logical reasonable set of functions that you can use to interact with our software without going crazy trying to figure out all the gory details inside" I think the "S" part is for "S"erver. Anyway, for Apache, you just configure it --with-apxs (or --with-apache, but that's less fun) instead of the php binary in /usr/local/bin. You also configure httpd.conf with the LoadModule and AddHandler instead of the Action. (Action is for CGI) For IIS, you use the php4nts.dll or something like that and make it a "filter" (MicrosoftIsm for Module) instead of the php.exe For other web-servers, it's pretty much the same idea, though I got no clue how to configure them... If you're stuck with one of them, and no PHP examples are coming up, find a Perl example, and do everything the same, only plug in PHP where it says Perl. -- Like Music? http://l-i-e.com/artists.htm Off-Topic: What is the moral equivalent of 'cat' in Windows? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php