Ea3 and secure php

[adapter]

Hi

i have install a new box with Cpanel 11 and Apache 2.2 now i would try to use a secure php configuration, i have compile php with fastcgi but i dont see it in php -m and apache request still show "nobody" user, which ea setting i need to enable to get a good php conf?

[PHP Modules]
bcmath
bz2
calendar
ctype
curl
date
dbase
dom
exif
filter
ftp
gd
gettext
hash
iconv
imap
json
libxml
mbstring
mcrypt
mhash
mime_magic
mysql
pcre
posix
Reflection
session
SimpleXML
soap
sockets
SPL
standard
tokenizer
xml
xmlreader
xmlrpc
xmlwriter
xsl
zip
zlib

 

[cPanelDavidG]

Here's a link to our documentation on hardening PHP:

http://www.cpanel.net/support/docs/ea/ea3/ea3php_hardening_php.html

 

[adapter]

thanks for the link, searching on the forum i have read that the better way is to use SuPhp + fastcgi but other people say that suphp take a lot of server resource, so what do u think that we need to use to get the php request with the userid of the account?

 

[cPanelDavidG]

thanks for the link, searching on the forum i have read that the better way is to use SuPhp + fastcgi but other people say that suphp take a lot of server resource, so what do u think that we need to use to get the php request with the userid of the account?

* SNIPPED *

Another issue can be if you have several thousand accounts serving PHP and now you have many more instances of SuPHP in memory than you really need to be there due to FastCGI. Keep in mind, FastCGI enhances performance by keeping instances of the interpreter in memory longer than it's really needed (in anticipation of a future request, so disk I/O of loading the interpreter is avoided). * SNIPPED *This may not be an ideal solution for those with many accounts or limited memory resources.

In production, I haven't encountered noticeable sluggishness on the part of SuPHP and I personally like the security it provides. I have found myself thanking SuPHP from preventing scripts I was experimenting with from going too far in terms of messing with my permissions etc. I enjoy using it as a rudimentary filtering tool to filter the good PHP scripts from the not so good PHP scripts on accounts where I'm experimenting with PHP scripts I'm not familiar with.

As a PHP guy myself, if it's my own server only running my own websites, I'd prefer to employ caching at the application level (if it's supported by the PHP application either natively or via a plugin like wp-cache for WordPress) rather than the server level, as application level caching can even avoid the need to use a PHP interpreter for most requests if set up correctly (as the output from PHP scripts is cached to static HTML/XML/etc.).

EDIT: I've been kindly informed by the developers that SuPHP doesn't act like SuExec with regards to FastCGI Implementation.