OT: Apache Version Used

Brad Bartram bradbartram at ccsisp.com
Tue Dec 21 12:19:25 EST 2004


To clairfy a little bit, this really isn't an Apache problem, nor is it truly 
a PHP problem.  This falls squarely on the shoulders of the developers of php 
modules.

Mark will probably disagree, but the very basic core of PHP seems to be stable 
and even safe under Apache 2.  When you begin to add the extra modules that 
provide the useful functions to PHP is when you intrduce instability and 
problems.  This entire incompatibility comes from thread safety and proper 
coding practices in the extra and third party modules.

My memory isn't perfect but I believe there is a nice writeup about this 
subject right on php.net.  The exact url is a mystery for teh reader to 
decipher.  ;)

brad

On Tuesday 21 December 2004 11:28 am, Cyber Source wrote:
> ouch, the word "NEVER". The folks at Apache would probably disagree. In
> my experience I have found only certain instances in which words like
> "NEVER" should appear when talking about software development, like,
> "Words like never and always should NEVER be used when software
> development is the context", or something like that, lol ;)
>
> Mark Musone wrote:
> >Well, with the apache case it's a little different, it's not just old
> >veruss new, because as Brad said, you shouldn't use php on apache2. php
> >will most likely NEVER be stable or suggested for apache2. So this is
> >possibly a case where there are reasons for using the old software.
> >(personally, I just about always use apache1)
> >
> >-Mark
> >
> >
> >-----Original Message-----
> >From: owner-nflug at nflug.org [mailto:owner-nflug at nflug.org] On Behalf Of
> >Cyber Source
> >Sent: Tuesday, December 21, 2004 8:48 AM
> >To: nflug at nflug.org
> >Subject: Re: OT: Apache Version Used
> >
> >You should heed Brad's advise. I only know Brad briefly but he made a
> >really nice presentation once at an nflug meeting and does have alot of
> >knowledge when it comes to security. However, I don't think you should
> >not make your decision based on the thinking that your safer staying
> >with older software (obscurity = security). Software would never advance
> >
> >like that and updates are for fixing, amongst other things, security
> >holes, bugs, etc.. Apache should also not be blamed for what it has no
> >control over, like the php packages on your system. I know this from
> >experience as the php packages that came with RH9 rpm's were badly
> >broken because I was working with the developer for FreeMED and he
> >developed his (php) FreeMED package on a debian box (different php, same
> >
> >versioning but compiled differently with the rpm's). So we tried just
> >putting his FreeMED package on a FC1 box (same Apache version) and all
> >was well. Before I got into RH and FC, I had a Mandrake server get
> >hacked because I didn't keep the packages up to date and one of the
> >packages had a security hole.
> >So, I would advise to stay current and edit your /etc/aliases file to
> >put a real email address for your root mail on the box (don't forget to
> >start sendmail or equiv.) and keep an eye on your logs.
> >
> >Timothy Domst wrote:
> >>So since I am planning on a rudimentary server and I have that manual
> >>I should just use 1.3 until I have a reason to do otherwise.
> >>
> >>On Dec 20, 2004, at 10:03 PM, Brad Bartram wrote:
> >>>Ahh - the old 1 vs 2 debate. ;-)
> >>>
> >>>What you use should depend largely on what you are using the server
> >>>for. If
> >>>you are using the server for php or pretty much most of the
> >
> >interpreted
> >
> >>>langauages like php, the answer is a resounding 1.3. Apache 2 and php
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>should
> >>>not be used in a production or live environment due to the security
> >
> >and
> >
> >>>stability issues that are raised.
> >>>
> >>>If you are using Apache with an external interpreter such as Tomcat
> >>>or the
> >>>like, then using Apache 2 is the hands down winner.
> >>>
> >>>The reason for the difference is really the same - threads. Apache 2
> >>>can use
> >>>a threaded operation that makes it perfect for a multithreaded
> >>>application
> >>>like tomcat but inherently unsafe for php.
> >>>
> >>>Just my $.02
> >>>
> >>>And to stay on topic - I use apache as I outlined above. In the rare
> >>>instance
> >>>I need both Tomcat and php support, I either divide the load using
> >>>redirection and forwarding or if I need it all on one server I
> >
> >sacrifice
> >
> >>>Tomcat / apache performance and use 1.3 series.
> >>>
> >>>brad
> >>>
> >>>On Monday 20 December 2004 9:22 pm, Timothy Domst wrote:
> >>>>Have you ever used 2? Does 1 give you any problems?
> >>>>
> >>>>On Dec 20, 2004, at 6:01 PM, Joshua Ronne Altemoos wrote:
> >>>>>I use 1.3 becuase that is the default for slack10 which is on my
> >>>>>server
> >>>>>
> >>>>>
> >>>>>On Mon, 20 Dec 2004 17:35:24 -0500, Timothy Domst
> >>>>>
> >>>>><timothy.domst at verizon.net> wrote:
> >>>>>>I have SuSE 9.1 installed and it has Apache 2 on it, but I messed
> >
> >up
> >
> >>>>>>the settings or something. I have a book about Apache 1, and I had
> >
> >it
> >
> >>>>>>working well before when I had 9.0. Should I just install Apache 1
> >>>>>>and
> >>>>>>forget about 2? I would like to know what people with home servers
> >>>>>>use.
> >>>>>>i
> >>>>>>Someone posted a link to Novell a while ago that got people on a
> >
> >list
> >
> >>>>>>for their Linux Technical Resource Kit. I'd like to thank them
> >>>>>>because
> >>>>>>I got one and it's conveniently got a bootable SuSE 9.1 DVD on it.
> >>>>>>The
> >>>>>>other stuff is on .iso files, though, and I tried to make bootable
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>CDs
> >>>>>>out of them but I couldn't. How do I install these files?
> >>>>>
> >>>>>--
> >>>>>Have A Good Day,
> >>>>>Joshua Ronne Altemoos
> >>>>>joshua.altemoos at gmail.com



More information about the nflug mailing list