To suPHP or not to suPHP?
My main concern is security, then speed. As it is right now, loading a log-in page takes an average of 4000+ msec with ab -n 100 -c 100.
The site is expected to have large bursts of visitors, probably 100s of hits a second.
Currently it is running suPHP with Suhosin. I am thinking of changing that to FCGI + Suhosin + suEXEC. Will that be as secure as suPHP? The reason for wanting to change is so I can use xcache and the like and hope for some acceleration of some pages.
Thanks for any advice.
5 Replies
I'm running apache2+fastcgi_2.4.7+php5.2+APC+suexec on my Ubuntu 10.04 web servers with good results. There are a few snags you should be aware of.
php-cgi needs to be set as the process manager for the PHP interpreter, not fastcgi. This is because APC will only share cache across one process. This isn't a big issue, but it has some trickle-down effects.
You need to use fastcgi instead of fcgi because of the way fcgi issues PHP calls to the CGI process (1 render call per php-cgi manager pid). Just set maxClassProcesses to 1 in your fastcgi config, and then set PHP_FCGI_CHILDREN in your wrapper script to however many PHP processes you want running.
There's a bug in the latest version of fastcgi in the 10.04 repo (bug
All that said, it won't help against SQL injection attacks etc.; you need to be aware of all the vectors.
Hope that's helpful.
How many sites do you plan on running on your Linode?
suphp/suexec gives you extra security only if you have more than one site on the same server, and you don't trust the administrators of those sites. (Think of a web hosting business.) The primary purpose of suphp/suexec is to isolate sites from one another, so that one hacked site won't affect other sites. It doesn't bring any additional protection to individual sites, so it won't make sense if there's only one site.
The popular nginx + PHP-FPM stack uses the exact same security model, by allowing PHP scripts to run as any user you specify. IMO it's easier to set up and maintain than an Apache + FastCGI + suExec setup, and often saves RAM. But if you're comfy with Apache, that's also fine.
My main concern is that if someone manages to take a site down without suEXEC, they could gain root or abuse the other site.
Is my assumption correct?