php
DSO
It is also known as mod_php. It is the fastest way to serve the PHP requests. It runs PHP directly from the Apache without working like a separate service. The PHP scripts will run as the Apache user, which by default is the user ‘nobody’. In this case the PHP scripts all are owned & executed by the Apaches’s ‘nobody’ user. Therefore, we cannot track each individual user since they all run from one web server. Security is another concern in DSO mode. It is vulnerable to malicious attacks that could modify your PHP scripts or modify the files outside of that user’s directory that had the PHP script that were exploitable. The benefit of the DSO handler is that it provides PHP opcode caching along with DSO to speed up the PHP requests. Also, we can set PHP directives directly via .htaccess files to control certain functionality of PHP.
You might choose DSO as your PHP handler if you only have one user and your primary concern is speed and performance.
CGI
CGI handler will run PHP as a CGI module as opposed to an Apache module. The CGI method is intended as a fallback handler for when DSO is not available. This method is neither fast nor secure. That is regardless of whether or not suEXEC is enabled. Nowadays, CGI handlers are used less frequently because of other handler benefits. Similar to suPHP and FastCGI, the CGI handler can use suEXEC. Instead, PHP executions are run by the file owner of a PHP script rather than the Apache “nobody” user. The usage of CGI handlers provides ease of configuration and support using suEXEC for reducing permission related issue. The main disadvantage of the CGI handler is that it is one of the slowest handler. The CGI handler is the least popular for this reason leading it to be one of the less frequently used handlers
CGI is a recommended PHP handler if suPHP, DSO, or FastCGI was not available in your server.
suPHP
Technically it is a CGI module, but it is entirely different from the CGI handler. It is the most flexible and secure way of serving PHP requests. The main advantage with this handler is it runs the PHP script as the user calling them, instead the ‘nobody’ user. Also, it is quite easy to monitor the usage of PHP script executions, because for every PHP request that is being processed a separate PHP process will be generated. Another advantage is that suPHP handler isolates one of the user on the server from others. This is a precaution taken because if one user’s account is misused then the attacker would only be able to view or modify files owned by that particular users. These applications require permission to have the ability to write, modify, and create files on the server. Permission management is easy to configure because all of your files are owned by just one user.
The main disadvantage of suPHP is speed and CPU load. This handler is recommended for small reseller clients, because it possess the high load of running separate PHP process per request. Also, if the server receives high amount of PHP requests in small period of time, this can result in a heavy load on your server.
The selection of suPHP as your PHP handler is recommended if you have multiple users on your server. You do not want to worry about setting permissions, and you are not having any performance issues with the PHP scripts that is currently used.
Fast CGI
FastCGI PHP handler is a faster way to serve PHP requests than using suPHP, but typically not as fast as using DSO. FastCGI helps reduce CPU usage by increasing the server’s available RAM in order to cache PHP scripts in the memory. This method is use instead of starting up a separate PHP process for each and every PHP request.
The main benefit of using FastCGI is that you can you can use suEXEC just like in the suPHP. This allows the PHP scripts to be executed by the actual user of the PHP script instead of the Apache’s ‘nobody’ user. It also does not require a single PHP process execution per request like suPHP does, which enhances the speed and the CPU usage by keeping PHP scripts in the memory. Issue regarding the memory usage is the drawback of FastCGI. Also regarding the PHP opcode cache, itt keeps PHP sessions opened in the background in memory for faster access
FastCGI is the best handler if you are looking for a faster PHP execution, provided that you the high availability of memory to spare on your server.
Permalink Comments off
