FastCGI Acceleration and Register Globals Emulation "on"

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Templecloud
Joomla! Enthusiast
Posts: 104
Joined: Wed May 31, 2006 1:46 am
Location: Somerset, UK

FastCGI Acceleration and Register Globals Emulation "on"

Post by Templecloud » Fri Jun 29, 2007 2:47 pm

Bluehost has just added an extra feature - which I don't fully understand! - intended to speed things up for users. This is what they said:

"Without getting too technical FastCGI is an option in the control panel that you turn on that will
allow PHP scripts on our servers to stay in memory and avoid running the PHP interpreter each
time a PHP script is run. This greatly reduces server load! Currently enabling FastCGI for your
Bluehost account is OPTIONAL. It is NOT enabled by default. You can choose to enable FastCGI
by logging into your Cpanel and clicking on the new link titled "FastCGI Acceleration"."

I dutifully turned it on yesterday, then today noticed that a site I knew I'd turned Register Globals Emulation off had a message saying it was turned on... I tried to turn it off, discovered it was already turned off, and went round in circles for several hours imagining I'd been hacked after finding that 5 sites all had the same message. Only the Joomla 1.5 site didn't...

Eventually I tried turning FastCGI off and all is back to normal - but can someone please explain the implications of this FastCGI option and how it affects Joomla and security.  Apparently Bluehost will be turning it on by default in a few weeks....

Thanks,

TC

friesengeist
Joomla! Guru
Posts: 842
Joined: Sat Sep 10, 2005 10:31 pm

Re: FastCGI Acceleration and Register Globals Emulation "on"

Post by friesengeist » Sun Jul 01, 2007 11:14 am

Templecloud wrote: "Without getting too technical FastCGI is an option in the control panel that you turn on that will
allow PHP scripts on our servers to stay in memory and avoid running the PHP interpreter each
time a PHP script is run. This greatly reduces server load! Currently enabling FastCGI for your
Bluehost account is OPTIONAL. It is NOT enabled by default. You can choose to enable FastCGI
by logging into your Cpanel and clicking on the new link titled "FastCGI Acceleration"."

I dutifully turned it on yesterday, then today noticed that a site I knew I'd turned Register Globals Emulation off had a message saying it was turned on... I tried to turn it off, discovered it was already turned off, and went round in circles for several hours imagining I'd been hacked after finding that 5 sites all had the same message. Only the Joomla 1.5 site didn't...

Eventually I tried turning FastCGI off and all is back to normal - but can someone please explain the implications of this FastCGI option and how it affects Joomla and security.  Apparently Bluehost will be turning it on by default in a few weeks....

When PHP runs from FastCGI, that means that your server will run the PHP interpreter like an Apache module, but with the rights of your user account. Usually, the PHP interpreter is either running as the user of the webserver (which is fast, but insecure, since everyone's scripts run with the same rights), or as a CGI program, which is slow. So FastCGI is a good solution for shared hosting.

Now since the PHP interpreter runs just as one single instance, it is (AFAIK) not parsing the .htaccess or php.ini files per directory anymore. To change php.ini settings, your host needs to offer you some method to set up or modify your own php.ini, or at least parts of it. Here is how one of my hosts does this: it parses one php.ini file (which I can modify) once an hour, and puts some well defined settings into the php.ini file which is used by the web-server. Therefore, I am able to change e.g. register_globals, or choose if I want to run PHP4 or PHP5, but I can't set any other php settings on that host.

In your case, I would ask your host if they can either enable a similar method for you, or if they can at least adjust the register_globals php setting for you. That should be fairly easy for them.
We may not be able to control the wind, but we can always adjust our sails

friesengeist
Joomla! Guru
Posts: 842
Joined: Sat Sep 10, 2005 10:31 pm

Re: FastCGI Acceleration and Register Globals Emulation "on"

Post by friesengeist » Sun Jul 01, 2007 11:23 am

Templecloud wrote: I dutifully turned it on yesterday, then today noticed that a site I knew I'd turned Register Globals Emulation off had a message saying it was turned on... I tried to turn it off, discovered it was already turned off, and went round in circles for several hours imagining I'd been hacked after finding that 5 sites all had the same message. Only the Joomla 1.5 site didn't...

Oops, when looking at the thread title again, I noticed that you wrote "Register Globals Emulation".
You are talking about "Register Globals" here, not about "Register Globals Emulation", right? Because there should not be any way that switching to FastCGI affects the setting of "Register Globals Emulation", only the setting of "Register Globals" could be affected.
We may not be able to control the wind, but we can always adjust our sails

Geoff
Joomla! Virtuoso
Posts: 3173
Joined: Sun Apr 16, 2006 12:20 am
Location: 127.0.0.1

Re: FastCGI Acceleration and Register Globals Emulation "on"

Post by Geoff » Sun Jul 01, 2007 9:00 pm

Check your settings in globals.php.
Backup, backup, backup!
The "Master" .htaccess file by Nicholas http://snipt.net/nikosdion/the-master-htaccess
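
The distinction friesengeist draws between PHP's own "Register Globals" setting and Joomla's "Register Globals Emulation", as an added example that is not part of any post in this thread: a small PHP script that reports the running SAPI, the php.ini in use, and both settings side by side. It assumes Joomla 1.0.x stores the emulation switch as a define('RG_EMULATION', ...) line in globals.php (the file Geoff points to) and that the script is placed in the site root; the function names are made up for this example.

```php
<?php
// Added diagnostic sketch, not Joomla or Bluehost code. Delete it after checking.
// Assumption: globals.php contains a line such as  define( 'RG_EMULATION', 0 );

// Normalise a php.ini boolean as returned by ini_get(): "1", "On", "", "0", "Off" or false.
function ini_flag_enabled($raw)
{
    if ($raw === false) {
        return false; // directive unknown to this PHP build (register_globals was removed in PHP 5.4)
    }
    $value = strtolower(trim((string) $raw));
    return in_array($value, array('1', 'on', 'yes', 'true'), true);
}

// Read RG_EMULATION from the text of globals.php without executing the file.
// Commented-out define lines are ignored because the match must start the line.
function rg_emulation_from_source($source)
{
    $pattern = '/^\s*define\s*\(\s*[\'"]RG_EMULATION[\'"]\s*,\s*(\d+)\s*\)/m';
    if (preg_match($pattern, $source, $m)) {
        return (int) $m[1];
    }
    return null; // constant not defined in this file
}

function build_report($globalsPath)
{
    $lines = array();
    // "cgi-fcgi" means FastCGI, "cgi" plain CGI, "apache"/"apache2handler" the Apache module.
    $lines[] = 'SAPI: ' . php_sapi_name();
    $ini = function_exists('php_ini_loaded_file') ? php_ini_loaded_file() : null;
    $lines[] = 'php.ini in use: ' . ($ini ? $ini : 'none or unknown');
    // This is the setting a switch to FastCGI can change, because per-directory
    // php.ini or .htaccess overrides may no longer be read.
    $lines[] = 'PHP register_globals: '
        . (ini_flag_enabled(ini_get('register_globals')) ? 'ON' : 'off');
    // This one lives in a Joomla file and does not depend on how PHP is run.
    $source = is_readable($globalsPath) ? file_get_contents($globalsPath) : '';
    $emu = rg_emulation_from_source($source);
    $lines[] = 'Joomla RG_EMULATION: '
        . ($emu === null ? 'not found' : ($emu ? 'ON' : 'off'));
    return implode("\n", $lines) . "\n";
}

if (php_sapi_name() !== 'cli') {
    header('Content-Type: text/plain');
}
echo build_report(dirname(__FILE__) . '/globals.php');
```

Comparing the output with FastCGI enabled and disabled shows which of the two settings actually changed.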

