Is it normal for a host to only allow PHP files in a cgi-bin? :eek: I was helping somebody with their vBulletin installation and as you can imagine this is wreaking havoc.

could they mean that they support PHP as CGI and not as a module?

Isn't that a relative security hazard? Let me find in the PHP docs about that...

Here we go: http://www.php.net/manual/en/security.cgi-bin.php

I'm not a PHP programmer (althrough I'm learning :) ) but I can't find a good reason to install PHP as CGI.
Can be a security hazard also use more resources than if you install it as module.

i know the reason but shall not say it
ill let someone else

Originally posted by 9onlinehost
i know the reason but shall not say it
ill let someone else

What purpose does this post serve? :rolleyes:

But anyway, maybe they're running it as CGI so that they can use suexe to better track script usage?

Ohh, good point Urban, I didn't think about that.

But anyway, maybe they're running it as CGI so that they can use suexe to better track script usage?

You're probably right but then they would be using load of resources (spawning additional processes, etc.) to track resouce usage.

As far as I know, running PHP as CGI is more secure than running it as an apache module if you're using suexec.

IF the server is even running on *NIX platform :rolleyes:

But CGI is a resource-hog and mod_*'s are much better for performance

Even Perl I am thinking of setting up thru mod_perl

But then every man his poison! :D

Cheers
Balaji