Appendixes
PART VI
Apache, PHP, and MySQL are available for multiple operating systems and Web servers. In
this appendix, we will explain how to set up Apache, PHP, and MySQL on various server
platforms. We'll cover the most common options available for UNIX and Windows NT.
Topics we will cover in this appendix include:
Running PHP as a CGI interpreter or as a module
Installing Apache, SSL, PHP, and MySQL under UNIX
Installing Apache, PHP, and MySQL under Windows
Testing that it's working: phpinfo()
Adding PHP and MySQL to Internet Information Server
Adding PHP and MySQL to Personal Web Server
Considering other configurations
Our goal in this appendix is to provide you with an installation guide for a Web server that
will enable you to host multiple Web sites. Some sites, like those in the examples covered,
require Secure Sockets Layer (SSL) for e-commerce solutions, and most are driven by scripts
that connect to a database (DB) server to extract and process data. We have chosen Apache,
PHP, and MySQL for the job because of their cost, reliability, performance, ease of
integration, and functionality.
Running PHP as a CGI Interpreter or Module
PHP is a simple, yet powerful, server-side HTML-embedded scripting language that enables
you to access files, execute commands, and open network connections on the server. The
interpreter can be run either as a module or as a separate CGI binary. Generally, the module
version is used for performance reasons. However, the CGI version enables Apache users to run
different PHP-enabled pages under different user IDs. Although many of these actions pose a
security threat by default, PHP is designed to be more secure for writing CGI programs than
either Perl or C.
PHP gives you a variety of configuration options to select the right combination of security
and usability that you need. Yet, if you decide that you would like to run PHP as a CGI
interpreter, then you should read the CERT Advisory CA-96.11:
http://www.cert.org/advisories/CA-96.11.interpreters_in_cgi_bin_dir.html
The default setup for the CGI option requires that you install an executable PHP binary in
the Web server's cgi-bin directory, whereas CERT recommends against this method. This is
because most general-purpose interpreters (but not PHP) accessible via the cgi-bin directory
allow remote users to execute any command that the interpreter can execute on that server.
PHP does not allow attackers to exploit this hack.
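
The CERT concern described above can be checked on an existing server. The following Python
audit is an added example, not part of the original appendix: it lists files in a cgi-bin
directory that are general-purpose interpreters by name, by symlink target, or by being a
byte-for-byte copy of a system interpreter. The interpreter name list and the searched bin
directories are assumptions; PHP is left out of the list, following the text above.

```python
import hashlib
import os
import re
import sys

# Assumption: names of general-purpose interpreters to look for; extend per platform.
INTERPRETER_RE = re.compile(
    r"^(perl|python|ruby|tclsh|wish|sh|bash|csh|tcsh|ksh|zsh)[\d.]*(\.exe)?$", re.I)

def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def known_interpreters(bin_dirs):
    """Map SHA-256 digest -> path for interpreter binaries found in bin_dirs."""
    found = {}
    for d in bin_dirs:
        if not os.path.isdir(d):
            continue
        for name in os.listdir(d):
            path = os.path.join(d, name)
            if INTERPRETER_RE.match(name) and os.path.isfile(path):
                found[_sha256(path)] = path
    return found

def audit_cgi_bin(cgi_dir, bin_dirs=("/bin", "/usr/bin", "/usr/local/bin")):
    """Return (filename, reason) findings for interpreters exposed in cgi_dir."""
    known = known_interpreters(bin_dirs)
    findings = []
    for name in sorted(os.listdir(cgi_dir)):
        path = os.path.join(cgi_dir, name)
        if not os.path.isfile(path):   # follows symlinks; skips dirs and dangling links
            continue
        target = os.path.basename(os.path.realpath(path))
        digest = _sha256(path)
        if INTERPRETER_RE.match(name):
            findings.append((name, "interpreter name"))
        elif INTERPRETER_RE.match(target):
            findings.append((name, "symlink to " + target))
        elif digest in known:          # renamed copy of a system interpreter
            findings.append((name, "copy of " + known[digest]))
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    for fname, reason in audit_cgi_bin(sys.argv[1]):
        print(fname + ": " + reason)
```

A CGI script that merely starts with an interpreter line such as #!/usr/bin/perl is not
reported; only the interpreter binary itself sitting in cgi-bin is.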