Security - mod_php with FTP vs SuPHP or SuExec

[ethanlifka]

I am trying to configure my site to be as secure as possible.

I do not want to set my upload folders to 777 so I have a few options.
Most recommend using SuPHP or SuExec.

A second option that I have not seen much discussion about is using php_ftp to upload files. This way uses the FTP account to upload files and no need for Suphp which is slow and no need for suExec.

My concern with SuPHP or SuExec is that scripts now can write to any folders that are 755 so now all you folders are writable by the web user. Where as the user nobody or apache cannot and that seems to be more secure to me. Although I don't have any real reason why.

I have no concern for chrooting or open_basedir since there will be no other hosted accounts on the server, which is usually the main reason for SuPHP and SuExec. Please correct me if I am wrong.

1. Mod_php with php_ftp uploads
or
2. SuPHP or SuExec.

So in conclusion I think if I do not have any other hosted accounts that using mod_php while using php_ftp is more secure then using SuPHP or SuExec.

Is this correct?
Please specify why or why not.

My Setup
ISPC 3
CentOS 5.4 32bit Perfect Setup.

Any thoughts would be appreciated.

Thanks

[till]

If you run just one website on the server with just one client, it does not matter. As soon as you run 2 or more websites, suphp and suexec are more secure, as the web user has anly access to its own web folders and every website is separated from each other.