You are here

suPHP versus modPHP

So I've been testing both and there are a few trade offs here between suPHP and modPHP.

MODPHP Security
Firstly to get started, modPHP is supposed less safe sine PHP will run as apache thus a compromise on one website can lead to the reading of other directorys/websites of other users within the same linux server/box.

suPHP Security
suPHP security is indeed a notch higher when configured properly. Basically each user has their own username and suPHP will basically allow their website or in this case apache to run under the specific username. This means that if a website of a specific user were to be compromised, it would be much harder to get access to other websites on the box not running under the compromised user account.

HOWEVER, there is a catch
After my testing, I've noticed that suPHP is a bit slower but more importantly extremely CPU and memory intensive compared to its less secure modphp counterpart. At 50 users, the load on my server went up to 10.x which I have never seen happen with modphp. In fact, modphp wouldn't even break a serious sweat with this number of clients. More worrying is that suPHP used nearly 2 GBs of RAM during this 50 user load test while modPHP didn't go over 1 GB...

So really, the choice is up to you when it comes down to the security vs resources issue. I'm going to try caching with suPHP and see if that helps at all.