Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/78108/

Time: 2020-09-13 16:44:04  Source: igfitidea

Is there a difference between apache module vs cgi (concerning security)?

php perl apache mod-perl mod-php

Asked by Sarien

E.g. is it more secure to use mod_php instead of php-cgi? Or is it more secure to use mod_perl instead of traditional cgi-scripts?

I'm mainly interested in security concerns, but speed might be an issue if there are significant differences.

Accepted answer by X-Istence

Security in what sense? Either way it really depends on what script is running and how well it is written. Too many scripts these days are half-assed and do not properly do input validation.

I personally prefer FastCGI to mod_php since if a FastCGI process dies a new one will get spawned, whereas I have seen mod_php kill the entirety of Apache.

As for security, with FastCGI you could technically run the php process under a different user from the default web servers user.

On a separate note, if you are using Apache's new worker threading support you will want to make sure that you are not using mod_php as some of the extensions are not thread safe and will cause race conditions.

Answer by djn

If you run your own server go the module way, it's somewhat faster. If you're on a shared server the decision has already been taken for you, usually on the CGI side. The reason for this is filesystem permissions. PHP as a module runs with the permissions of the http server (usually 'apache') and unless you can chmod your scripts to that user you have to chmod them to 777 - world readable. This means, alas, that your server neighbour can take a look at them - think of where you store the database access password. Most shared servers have solved this using stuff like phpsuexec and such, which run scripts with the permissions of the script owner, so you can (must) have your code chmoded to 644. Phpsuexec runs only with PHP as CGI - that's more or less all, it's just a local machine thing - makes no difference to the world at large.

Answer by Vinko Vrsalovic

Most security holes occur due to lousy programming in the script itself, so it's really kind of moot if they are run as cgi or in modules. That said, apache modules can potentially crash the whole webserver (especially if using a threaded MPM) and mod_php is kind of famous for it.

cgi will be slower, but nowadays there are solutions to that, mainly FastCGI and friends.

What is your threat model?

Answer by Scott Swezey

From the PHP install.txt doc for PHP 5.2.6:

Server modules provide significantly better performance and additional functionality compared to the CGI binary.

For IIS/PWS:

Warning

By using the CGI setup, your server is open to several possible attacks. Please read our CGI security section to learn how to defend yourself from those attacks.

Answer by DGM

A module such as mod_php or FastCGI is incredibly faster than plain CGI.. just don't do CGI. As others have said, the PHP program itself is the greatest security threat, but ignoring that there is one other consideration, on shared hosts.

If your script is on a shared host with other php programs and the host is not running in safe mode, then it is likely that all server processes are running as the same user. This could mean that any other php script can read your own, including database passwords. So be sure to investigate the server configuration to be sure your code is not readable to others.

Even if you control your own hosting, keep in mind that another hacked web application on the server could be a conduit into others.
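
The file-permission concerns raised in djn's and DGM's answers (mode 777 scripts, a shared server user, readable database passwords) can be checked from a shell. The following is an added example, not part of any answer on this page; the function names, the `config*.php` pattern and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root for files that other local accounts, or
# other scripts sharing the server user, can reach.

# audit_webroot DIR SERVER_UID [SECRET_GLOB]
# Prints one "<CLASS> <path>" line per finding:
#   WORLD_WRITABLE  any local account can modify it (e.g. mode 777 or 666)
#   WORLD_READABLE  a secret-bearing file any local account can read (e.g. 644)
#   SERVER_OWNED    owned by the server user, so every script executed in the
#                   server's own process (the module case) can rewrite it
audit_webroot() (
    root=$1
    server_uid=$2
    secret_glob=${3:-config*.php}   # assumed naming convention for secrets
    find "$root" ! -type l -perm -0002 \
        -exec printf 'WORLD_WRITABLE %s\n' {} +
    find "$root" -type f -name "$secret_glob" -perm -0004 \
        -exec printf 'WORLD_READABLE %s\n' {} +
    find "$root" -type f -user "$server_uid" \
        -exec printf 'SERVER_OWNED %s\n' {} +
)

# Builds a constructed sample site in a temp directory and prints its path.
make_sample_tree() (
    d=$(mktemp -d) || exit 1
    mkdir -p "$d/siteA/uploads"
    echo '<?php $db_pass = "constructed-placeholder";' > "$d/siteA/config.php"
    echo '<?php echo "hello";' > "$d/siteA/index.php"
    chmod 755 "$d" "$d/siteA"
    chmod 777 "$d/siteA/uploads"      # writable by every local account
    chmod 644 "$d/siteA/config.php"   # password file readable by "other"
    chmod 600 "$d/siteA/index.php"    # owner only
    printf '%s\n' "$d"
)

# Demo: the current user stands in for the web server account.
tree=$(make_sample_tree)
audit_webroot "$tree" "$(id -u)"
rm -rf "$tree"
```

On a real host, pass the numeric uid of the account the web server or PHP process runs as; a clean result for the first two classes still leaves SERVER_OWNED files exposed to any script that runs as that account.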

Answer by Leon Timmermans

Using a builtin module is definitely going to be faster than using CGI. The security implications depend on the configuration. In the default configuration they are pretty much the same, but cgi allows some more secure configurations that builtin modules can't provide, especially in the context of shared hosting. What exactly do you want to secure yourself against?
