scottp at dd.com.au
Wed Sep 13 21:15:02 PDT 2006
On 14/09/2006, at 13:43, Daniel Pittman wrote:
> Apache also supports FastCGI -- with the original FastCGI module
> and the
> newer (and more free) FCGI module. Both of these give the same
> as lighttpd and FastCGI, plus the advantages that mod_perl and other
> Apache modules provide.
Nice thing about the above is that even though your code is FastCGI,
as you mentioned you can still use mod_perl, which means we can still
use the filters and auth etc.
This come very much down to if you are writing apache or an application.
For application I see three ways to go:
* Built into Apache - ala PHP, mod_perl etc
* External to Apache - ala FastCGI, straight CGI etc
* Proxy from Apache - ala mod_jk (remote TomCat) and many many others
(usually they have their own internal protocol)
If you want to write Apache - e.g. something that uses Subrequest,
has access to Apache internals, Authentication, Filtering etc -
mod_perl is perfect. If you are writing an app - then I think it
depends - my gut feel is that some form of abstraction is best. e.g.
writing your 'application' in a more portable way, so that it can run
in various forms of the above 3 methods (there are probably more).
An example of an application which should exist (probably) in
mod_perl is things like a File Manager and Gallery - as it is self
referring to internal data - e.g. other images or files.
An example of an application which should not (probably) exist in
mod_perl (except as a performance boost, although you ca also use
FastCGI) - a database application - such as booking system.
NOTE RANT START
I love programming Catalyst for web applications. It is fantastic to
I really HATE that Catalyst duplicates Apache - authentication,
filtering etc - that SUX BIG !
I REALLY REALLY HATE applications that do their own authentication -
I have never worked on a single one of those types of apps that have
not missed at least one file for auth - with a huge security hole -
This stems so often from the fact that there is some myth that Apache
authentication needs to be basic auth - it can be anything - random
if you like, time of day, cookie, SSL signed certificate - what ever
It would be nice if you could have auth done via Catalyst in a
"TRUST" way - where you can use a simple Catalyst module for testing
on the command line (Catalyst can run stand alone) but that in Aapche
mode it uses the Apache user method.
NOTE RANT END
* - * http://www.osdc.com.au - Open Source Developers Conference * - *
Open source developer
scottp at dd.com.au
Dismaimer: Open sauce usually ends up never coming out (of the bottle).
Please do not send me Word or PowerPoint attachments.
Microsoft is not the answer. It's the question. And the answer is no.
More information about the Melbourne-pm