| |||||||||||||
This is the most ridiculous commentary...This is the most ridiculous commentary...Posted Dec 20, 2011 10:17 UTC (Tue) by smurf (subscriber, #17840)In reply to: This is the most ridiculous commentary... by job Parent article: Cracks in the Foundation (PHP Advent)
FastCGI and separate PHP processes per user, of course.
It doesn't make any sense at all to bloat your Apache with mod_php. If you have 200 Apache processes, of which 10 are needed for PHP, the (non-trivial, these days) memory space of 190 PHP interpreters sits idle. It can't even be swapped out because the set of Apache processes working on PHP requests constantly changes.
Using FastCGI, you have 10 busy PHP interpreters and 190 "normal" Apache (or lighttp or
) processors, and you get to run each customer's PHP stuff under their own UID instead of having global access to anything that's readable by www_data when (not if) the next security hole is discovered.
(Log in to post comments)
This is the most ridiculous commentary... Posted Dec 20, 2011 11:09 UTC (Tue) by job (guest, #670) [Link]
For large web apps this is (and has always been) true. But the issue here is altogether different.
A large shared webhost has many thousands of web sites and only a few of them are active at any time. It is unreasonable to keep thousands of idle PHP processes around (and that is without room for concorrency which would be required in production).
That is what the web hotel business is all about, very cheap hosting, and this is what made PHP popular.
This is the most ridiculous commentary... Posted Dec 20, 2011 12:23 UTC (Tue) by smurf (subscriber, #17840) [Link] Sure it's unreasonable to keep them around. So let them die when they're no longer useful.Large sites increase the likelihood that somebody, somewhere on your system, is running code with a security hole or two. So it's even more important to shield individual customers from each other. Your decision, of course. But the web servers I am responsible for will never load mod_interpreter, much less mod_php.
This is the most ridiculous commentary... Posted Dec 20, 2011 16:14 UTC (Tue) by job (guest, #670) [Link]
When the number of idle sites are order of magnitudes larger than the number of active sites at any given moment that solution is equivalent to running PHP as CGI. That would price you out of the market. (And spare me the morals please, as much as I'd like to see mod_php dead it is still an important market which drove PHP's success.)
PHP won because of mod_php, but mod_php won the low end market because of safe_mode. My question still stands, what should replace it? Maybe SELinux can?
This is the most ridiculous commentary... Posted Dec 21, 2011 12:02 UTC (Wed) by andresfreund (subscriber, #69562) [Link]
> When the number of idle sites are order of magnitudes larger than the number of active sites at any given moment that solution is equivalent to running PHP as CGI. That would price you out of the market. (And spare me the morals please, as much as I'd like to see mod_php dead it is still an important market which drove PHP's success.)
Right, because idle sites cause that much load that cgi is actually a problem... Its the website that actually use their allotted bandwith/load/whatever that are a problem not the thousand with 3 visitors a day.
This is the most ridiculous commentary... Posted Dec 22, 2011 0:22 UTC (Thu) by job (guest, #670) [Link]
On a large shared web host, a very small percentage of the sites are have traffic at any given time, but it's still a lot in absolute numbers.
The only possible way to cram as many sites as possible on your host is to run them with a common interpreter, which can pose security problems. That's where mod_php succeeded.
(By the way, I got the answer to my specific question below, which is that other restrictions still apply.)
|
|||||||||||||