Hi Everyone @ PHPBuilder...
I'm currently setting up a web-server, and I just wanted to get everyone's input and personal experiences about security considerations when using PHP in CGI mode...
My setup is as follows:
- Gentoo Linux 1.4
- Apache 1.3.27
- PHP 4.3.3
I'm using suPHP, so that PHP scripts and pages can be run without permissions on files having to allow execution, and also, so PHP scripts don't require '#!/path/to/php' at the beginning of every file. The main reason I'm using it is so SuExec can run the scripts as the file's owner.
Now my questions:
- What security issues should I consider?
- What would be the benefits/drawbacks of running PHP in safe mode?
- Is there any way of configuring PHP so that it may not read files outside of a given user's directory?
- Do you have any stories relating to security issues with PHP in CGI mode?
- Anything else you would like to point out?
Thanks in advance.
Regards,
RawJi