Subject: Re: CGI changes for the php4 and php5 packages
To: Todd Vierling <email@example.com>
From: Jaromir Dolecek <jdolecek@NetBSD.org>
Date: 09/09/2005 20:03:07
On Tue, Sep 06, 2005 at 03:46:34PM -0400, Todd Vierling wrote:
> On Sun, 4 Sep 2005, Johnny C. Lam wrote:
> > Since there are already packages that build and install Apache-specific
> > versions of PHP (ap-php4 and ap-php5), I think we should change the
> > PHP packages to *not* configure with:
> > --enable-force-cgi-redirect
> This I agree with.
I do not. It is important security measure according to PHP (Zend)
developers. It can be switched off via php.ini's cgi.force_redirect
> > --enable-discard-path
> This I would agree with, only if it can be shown that it still works if the
> PHP CGI program is run from somewhere other than the /cgi-bin/php path of a
> non-Apache webserver.
it appears such setup would not work, PATH_INFO and PATH_TRANSLATED
would contain incorrect info.
> > We should also build them with FastCGI support (--enable-fastcgi) to
> > facilitate setting up a usable PHP installation for use with non-Apache
> > web-servers. This would also be usable by Apache if a webadmin chooses
> > to use FastCGI PHP instead of mod_php.
> Yes, since libfcgi is included with the package (thus this adds no more
Yes, this would be useful - thanks for pointing out.
Jaromir Dolecek <jdolecek@NetBSD.org> http://www.NetBSD.cz/
-=- We can walk our road together if our goals are all the same; -=-
-=- We can run alone and free if we pursue a different aim. -=-