Perl in shared hosting environments
Dirk Koopman
djk at tobit.co.uk
Wed Sep 21 11:21:06 BST 2011
On 21/09/11 09:55, Tomas Doran wrote:
>
> On 21 Sep 2011, at 09:22, Philip Newton wrote:
>>
>> And I agree with Lesley in assuming the answer is "no" - I doubt that
>> you can modify Apache that way to "inject" a module into it from your
>> section of a shared hosting environment.
>
> Oh, yes, of course!
>
> Your perl script isn't going to be able to extend apache without apache
> collaborating in this :)
>
For what it is worth, I stopped using mod_perl (as well as Apache)
several years ago and moved onto other webservers and FastCGI.
Reason include:
* Apache seems to be the sendmail of the webserving world. Does anybody
other than me note the frequency of critical bugs, ongoing,
that Apache has?
* Other webservers can be run, more easily, on non-privileged
ports and users, chrooted etc etc to reduce the attack surface
even more (obviously one redirects traffic from port 80 etc
either via the operating system or load balancers).
* Stuff has to be "stitched into" mod_perl. This is unnecessarily
tedious -> difficult and probably increases the attack surface
as well.
* Added (completely) new stuff into the same mod_perl environment
is next to impossible (i.e. forget "shared hosting").
* mod_perl processes seem(ed) to get bigger and bigger and need(ed)
to be killed every few 10s of requests to keep memory usage in
bounds. We needed many more (bigger) machines to run mod_perl v
other webservers and FastCGI.
* Stuff designed with FastCGI in mind is much easier to test and
debug.
* FastCGI does not have to be on the same machine as the webserver,
nor even on the same architecture.
* The difference in speed between mod_perl and an established
FastCGI set of processes is minimal. In some cases I have found
FastCGI faster than mod_perl.
* Other webservers can be run, more easily, on non-privileged
ports and users, chrooted etc etc to reduce the attack surface
even more (obviously one redirects traffic from port 80 etc
either via the operating system or load balancers).
I may simply be biased, but it is based on bitter (but now old) experience.
YMMV (and probably does)
Dirk
More information about the london.pm
mailing list