- Plesk for Linux
Why mod_perl, mod_python, mod_php Apache modules are not installed by default starting from Plesk 12.5?
Starting from Plesk 12.5, the following changes are made in terms of Apache modules included into typical installation set:
mod_pythonare not included.
mod_phpstill included, but disabled by default.
It was done for security reasons and takes place only on the latest OS versions - Ubuntu 14.04, Debian 8, CentOS 7, RHEL 7. Moreover, other Apache modules support is considered to be dropped in the next Plesk releases.
Why using these Apache modules on shared hosting is insecure:
File security .
mod_pythonrun under account of Apache server, and therefore scripts executed by these modules can potentially access any user file. For example, files containing highly confidential personal data can be read by a script from another domain.
Security of database connections . Database connections of other users can be hijacked, and since all users can read each other's code, database usernames and passwords are visible to any user.
Potential system compromise due to security issues in Apache code (it can be resolved by using jails or chroot mechanisms).
Which options to use Perl and Python remain:
By default, Python and Perl are handled by FastCGI (
module). For Python, it is also possible to use Application server (this option is described in this article ).
Note: If an application is designed for using with
, updating its code can be required.