firewing1 aka Stewart Adam - My Blog

I have been doing lots of research on how to properly secure PHP on a shared server, especially with regards to finding the best way to sandbox users. On stock apache installations, the apache user must have access to web content in order to serve it which has the unfortunate side effect that every user on the shared hosting server can read the files of every other user.

The solution to them is "sandboxing" them, or in other words having Apache serve each user's web files as that user. I will post a tutorial relatively soon detailing how to do so (along with configuring many other services) but in the mean time here are some benchmarks:

prefork: 2.720166 seconds
suphp: 13.621006 seconds
itk: 4.263002 seconds

These benchmarks were generated using the "ab" benchmark included with the httpd server. They represent the time it took to load the front page of my blog 200 times:
ab -c 1 -n 200 http://www.firewing1.com/
prefork is the standard apache MPM working with mod_php. It's the fastest, but for the reasons outlined above also the most insecure. suPHP tackles the problem by using a SUID executable and running PHP under CGI, but it is extremely slow - even for this modest drupal site, it is just over 5x slower than stock. I compiled the ITK MPM for Apache which also offers the feature of running files under different users but it is based on Prefork and uses mod_php. The performance is still worse (2x slower) than stock, but much better than suPHP.

Although some users have reported success, most installations I've tried of MySQL 5.1 on Vista have failed, even on fresh Vista installs. The first problem appears at the end of the service instance configuration. All appears to be well, however the server refuses to start with Could not start MySQL service or Could not start the service MySQL. Error: 0.

The trick is to start MySQL from the console so that you are able to see the error message (you can access the command console by typing cmd into the Run dialog):

In my case, MySQL always returned the same error message:

This message is a symptom of the log file size problem (just google InnoDB: Error: log file .\ib_logfile0 is of different size for more information). All you need to do is to clear the following files from the folder C:\ProgramData\MySQL\MySQL Server 5.1\data:

Restart the MySQL server and all should be well. Note that the C:\ProgramData\ folder is hidden, so unless you have enabled hidden folders from the Folder Options dialog, you will need to copy/paste that folder path directly into the address bar in order to access the folder.