Slashdot Mirror
Apache 2.0.50 Released
Gruturo writes "The Apache Software Foundation just released version 2.0.50, which, apart from the usual incremental improvements and bug fixes, addresses security vulnerabilities such as CAN-2004-0493 (Memory leak which could lead to resource depletion == DoS) and CAN-2004-0488 (a mod_ssl buffer overflow). Be kind to their servers and use a mirror."
Ok, so Apache2 has been around forever now. The big hoopla was the threading module instead of prefork. However, you can't really use the threading model with PHP or mod_perl due to 3rd party libs not being thread safe.
So is there really any point in using apache2 at all?
Beyond maybe a cache/proxy role?
A better trick is to compile PHP using the FastCGI SAPI and Apache 2 with the perfectly fine mod_fastcgi. Lets you spread PHP across machines, lets you jail/chroot PHP seperate from Apache, lets you run fewer copies of PHP (which also reduces database connections), and lets you change webserver or language with minimal impact on the other.
And yes, mmcache and friends work fine in FastCGI mode.
just not well enough to sign off an enterprise solution on...
I wouldn't sign off an enterprise solution on PHP full stop. Vile language.
So says someone who did some work on Squirrelmail a little while back - man it sucks trying to support all the little incompatibilities and changing defaults and changing configurations everywhere. When you're undoing an automatic quote of variables depending on a guess from some other variables you know you've got "Visual Basic for da interweb" - except with a less stable API.
That and the separate functions per DB type which caused all+dog to write their own copy of Perl's DBI in PHP before Pear came along.
It might be an OK language for developping small stand-alone web apps, or a web app which runs on one infrastructure that you control and validate - but it's not a language for writing stuff you can install on any webhost and expect a complex app to keep working across versions.
*grumble*