Ea3 and secure php

Here's a link to our documentation on hardening PHP:

http://www.cpanel.net/support/docs/ea/ea3/ea3php_hardening_php.html

 

* SNIPPED *

Another issue can be if you have several thousand accounts serving PHP and now you have many more instances of SuPHP in memory than you really need to be there due to FastCGI. Keep in mind, FastCGI enhances performance by keeping instances of the interpreter in memory longer than it's really needed (in anticipation of a future request, so disk I/O of loading the interpreter is avoided). * SNIPPED *This may not be an ideal solution for those with many accounts or limited memory resources.

In production, I haven't encountered noticeable sluggishness on the part of SuPHP and I personally like the security it provides. I have found myself thanking SuPHP from preventing scripts I was experimenting with from going too far in terms of messing with my permissions etc. I enjoy using it as a rudimentary filtering tool to filter the good PHP scripts from the not so good PHP scripts on accounts where I'm experimenting with PHP scripts I'm not familiar with.

As a PHP guy myself, if it's my own server only running my own websites, I'd prefer to employ caching at the application level (if it's supported by the PHP application either natively or via a plugin like wp-cache for WordPress) rather than the server level, as application level caching can even avoid the need to use a PHP interpreter for most requests if set up correctly (as the output from PHP scripts is cached to static HTML/XML/etc.).

EDIT: I've been kindly informed by the developers that SuPHP doesn't act like SuExec with regards to FastCGI Implementation.