Slashdot Mirror
Apache 2.0.50 Released
Gruturo writes "The Apache Software Foundation just released version 2.0.50, which, apart from the usual incremental improvements and bug fixes, addresses security vulnerabilities such as CAN-2004-0493 (Memory leak which could lead to resource depletion == DoS) and CAN-2004-0488 (a mod_ssl buffer overflow). Be kind to their servers and use a mirror."
For security I wouldn't use anything where the source is open.
I recommend Microsoft(r) Internet Information Services for server software (compiled with GS switch, so it's double secure compared to other products) and Microsoft(r) Internet Explorer for client (my favorite site MSN.com looks great in it).
I am using PHP 5 and works great. The trick is to compile Apache using the prefork MPM.
Quote from http://httpd.apache.org/docs-2.0/mod/prefork.html
This Multi-Processing Module (MPM) implements a non-threaded, pre-forking web server that handles requests in a manner similar to Apache 1.3. It is appropriate for sites that need to avoid threading for compatibility with non-thread-safe libraries. It is also the best MPM for isolating each request, so that a problem with a single request will not affect any other.
Using Apache 2 in this method will make it work perfectly with PHP.
(\(\
(^.^)
(")")
*This is the cute bunny virus, please copy this into your sig so it can spread
PHP+Apache2 is "working OK"...
Just not well enough to sign off an enterprise solution on...
Check out these links for more details...
PHP-Dev Mailing list discussion
Discussion on PHP buglist
as well as a more tongue-in-cheek reply...
"Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
Ok, so Apache2 has been around forever now. The big hoopla was the threading module instead of prefork. However, you can't really use the threading model with PHP or mod_perl due to 3rd party libs not being thread safe.
So is there really any point in using apache2 at all?
Beyond maybe a cache/proxy role?
A better trick is to compile PHP using the FastCGI SAPI and Apache 2 with the perfectly fine mod_fastcgi. Lets you spread PHP across machines, lets you jail/chroot PHP seperate from Apache, lets you run fewer copies of PHP (which also reduces database connections), and lets you change webserver or language with minimal impact on the other.
And yes, mmcache and friends work fine in FastCGI mode.
just not well enough to sign off an enterprise solution on...
I wouldn't sign off an enterprise solution on PHP full stop. Vile language.
So says someone who did some work on Squirrelmail a little while back - man it sucks trying to support all the little incompatibilities and changing defaults and changing configurations everywhere. When you're undoing an automatic quote of variables depending on a guess from some other variables you know you've got "Visual Basic for da interweb" - except with a less stable API.
That and the separate functions per DB type which caused all+dog to write their own copy of Perl's DBI in PHP before Pear came along.
It might be an OK language for developping small stand-alone web apps, or a web app which runs on one infrastructure that you control and validate - but it's not a language for writing stuff you can install on any webhost and expect a complex app to keep working across versions.
*grumble*
First of all, to the people who wonder what's so great about Apache 2.x you should take some time to understand that Apache 2 is a completely new way of thinking about the HTTP server paradigm. Apache 2.x is now no longer simply an HTTP server but a protocol server that can serve anything you can write, FTP, SMTP whatever. In fact Apache 2.x FTP server has been darn stable.
Besides the threaded model and the above paradigm shift, there is also the great improvements in the build system, the API and IPv6 support. You can read all about it here: New Features 2.0 . Do yourself a favor and start learning Apache 2.x now, you will not regret it down the line.
Finally, I believe that with the 2.0.50 release the contributors have solved some of the most serious bugs and have delivered one of the most stable releases of Apache to date. Of course time will tell if there are significant bugs, I wouldn't go upgrading your production environment tomorrow. But the folks there have worked really hard on the big bugs and I have to give them a big thank you.
The full change list is here: Changes 2.0.50 . They have fixed a very serious stderr bug, several annoying ldap bugs, addressed various other security and performance issues and generally done a great job.
Way to go folks. Thank you!!!
ya except apache 1.3 + php isn't really an enterprise solution to a large web application either. One of the reasons cited above for php not working w/ apache2.0 is a lack of thread safety. In php there isn't any. Also, you can thread sessions all reads and writes lock the session from any further reads or writes until the operation is completed.
:(){