On 05/06/2013 09:15 PM, Christoph Anton Mitterer wrote: > Hey. > > I would like to see the following with respect to PHP and all packages > using PHP: > 1) We should try to educate users not to use mod_php. From a security > POV it's rather problematic, as it runs in server context. And for > people really needing the performance, FPM should be an equally good > solution. There's not only FPM as a solution. I maintain SBOX to do chroot, and I use it together with aufs to maintain chroot templates. I also currently maintain my own version of Apache with a patch to backport the AllowOverrideList feature of Apache 2.4 in the (old)stable Debian, so that a hacker can't write in a .htaccess to hook the Options / AddHandler thing and by-pass my cgi-wrapper.
So yeah, maintainers shouldn't assume mod_php. But please do not assume FPM either! By the way, using FPM + SBOX should be a quite nice thing, which I need to investigate. Thomas -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5187cd5f.2010...@debian.org
