It is always said that SuPHP is secure. But i don't know why.
SuPHP is using php as cgi. So then it is possible for everyone to overwrite every value in php.ini.
For example i set open_basedir for users and i don't want them to load any php extensions for security. But with SuPHP (php as cgi) anyone can put a local php.ini on his web page directory and bypass my security settings. Can load custom extensions and may abuse my server.
So where is the SuPHP security?
SuPHP is using php as cgi. So then it is possible for everyone to overwrite every value in php.ini.
For example i set open_basedir for users and i don't want them to load any php extensions for security. But with SuPHP (php as cgi) anyone can put a local php.ini on his web page directory and bypass my security settings. Can load custom extensions and may abuse my server.
So where is the SuPHP security?
