Migrating servers



  • Hey guys,

     I just rewrote a nonprofits website for them, volunteer stuff. And we will be migrating to a new host in a couple of weeks. So I have a couple of questions, IF we have the option, is it more secure to put your folder access limits in apache2.conf, or .htaccess? Also, the new host has a LAMP setup (debian, apache2, php5), but I hear everyone says php is really insecure.

    I have never done web development before (I am a C++ guy). What would I have to do (or, what would I have to talk my host into doing) to setup perl or some other more secure language? The php script doesn't actually do a whole lot, just looks in the database for newsletters and stuff, although I would like to add a search function.

    Nate
     



  • There's really no security issue of .htaccess vs config file anymore. But choosing which to use is a matter of taste and circumstance that you should still consider carefully, from a management standpoint.

    htaccess should be used when a directory is flat in structure and may be potentially moved around (so the perms stay with it, regardless of aliases and other ontological mappings).

    apache.conf is centralized and keeps all your folder defs and perms in one place which is nice, and IIRC, a little faster.

    A nice thing to do is to have a conf subdir (/etc/httpd/conf.d) and drop in conf files for different parts of the site (useful for 3rd party app packages) or virtual hosts or your cgi paths whatever. Just use an Include /etc/httpd/conf.d/*.conf directive at an appropriate place in your main config.

    A combination of that file-per-feature and .htaccess is a good approach for moderately complicated websites.

     

    As to PHP vs. the rest... I'm a fan of HTML::Mason and perl but that's just me.
    And really: with ruby and python and FastCGI + (language of choice including C++) you shouldn't feel constrained. I would say only use PHP if you need a specific framework or you don't have other options on your webhoster. If perl, python or ruby is installed and mod_fastcgi then you are in business.
     

     



  • Oh yeah... doing CGI with C++ and FastCGI

    try this library: http://www.cgicc.org/doc/lib_overview.html

    A whole bunch of people on the forum are going to tell you NO NO NO don't use C++ for web development.

    Screw 'em. Give it a shot if that's what you're comfortable with.
     



  • @kirchhoff said:

    try this library: http://www.cgicc.org/doc/lib_overview.html

    A whole bunch of people on the forum are going to tell you NO NO NO don't use C++ for web development.

    Screw 'em. Give it a shot if that's what you're comfortable with.
     

    In this case I have to agree.  If C++ is your strongest Kung Fu, then go with your strength.  You'll probably write more secure code that way than using some other languages that are new to you.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.