PHP from the point of view of a webhoster
  • My own view, not necessarily correct.
  • Community -> the level is rather on the lower end, beginners helping beginners. The tone is not always great.
  • Compiling it ourselves, because distros are slow with PHP releases. cyon is a shared hoster. Customer expectations.
  • Auto-updates help a lot (WordPress)

PHP from the point of view of a webhoster Presentation Transcript

  • point of view of a webhoster speaking @webilea
  • About me
    • Working @cyon since early 2008
    • Developer and #devops
    • Study computer science at Uni Basel
    • Linux user
    • mod_rewrite guru
    • NBA Jam addicted
  • Overview
    • PHP in 20 seconds
    • Why so famous?
    • PHP on a server
    • Security
    • Worries and concerns
    • Summary / Q&A
  • PHP in 20 seconds
    • Scripting language on server side or as CLI
    • Introduced in 1995
      • PHP4 2000 -> Zend Engine 1.0
      • PHP5 2004 -> OOP, PDO, JSON, performance
      • PHP5.3 2009 -> namespaces, closures, LSB, ...
    • Dynamic typing
    • Stream, Session, DB access, image processing, ...
    • „Arrays in PHP are the sets and maps of Java“
  • Why so famous?
    • Approx. 30% in scripting languages (http://phpadvent.org/2010/usage-statistics-by-ilia-alshanetsky)
  • Why so famous? #2
    • It's easy, cheap and stable
    • LAMP stack (Linux – Apache – MySQL – PHP)
    • Steep learning curve (gains diversity)
    • Community
    • Libraries and ready to use apps
  • PHP on a server
    • Mod_php
      • Web: Apache Module
      • Process: Apache process
      • Configuration: Apache conf files
      • User: Apache user
    • FastCGI
      • Web: gateway
      • Process: php-cgi
      • Configuration: wrapper
      • User: Shell user or suexec user
    • CGI
      • Web: binary
      • Process: php-cgi
      • Configuration: php.ini
      • User: suphp
  • PHP on a server #2
    • Apache and PHP CGI
    • Multiple PHP versions
    • Self compiled PHP version (make install)
    • Control over php.ini
    • PEAR and PECL installed
  • Security
    • Long history of „fails“
      • register_globals
      • Safe Mode (deprecated in PHP 5.3)
    • SQL Injection
    • Cross-site scripting (XSS)
    • <?php $d = 2.2250738585072011e-308; ?>
    • Plugin code quality (WordPress, Joomla, ...)
    • FTP with plain authentication
  • Security #2
    • suhosin patch (hardened-php.net) and suPHP
    • Disabling Functionality
    • Preventing information disclosure (display_errors)
    • Restricting Includes
    • Restrict File Uploads
    • Mod_security (false positive)
    • Check file permission
  • Worries and concerns
    • No opcode caching
    • App monster like TYPO3 or Magento
  • - The monster
    • 6337 files
      • .php 1246
      • .gif 3040
    • Peak up to 128Mb per request
    • Very complex
      • A lot of options to mess with
  • Worries and concerns
    • No opcode caching
    • App monster like TYPO3 or Magento
    • mod_rewrite voodoo
    • PHP5.3 -> lot of deprecated functions
    • Developers want *bling bling*
    • My website is hacked – what now?
  • Worries and concerns #2
    • „Worked on my local machine!“
    • No clearing of cached files
    • Updates - „never touch a running system“
    • Store files in database
    • Corrupted databases
  • Summary
    • PHP has a lot to offer feature-wise
    • PHP is highly flexible & configurable
    • Attracts wide range of users
    • Lots of abuse cases are PHP related, but that’s not the fault of PHP
    • Scaling is „limited“ (left out due to time limit)
  • Q&A
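
A php.ini fragment for four items on the "Security #2" slide (disabling functionality, display_errors, restricting includes, restricting file uploads). This is an added example, not taken from the slides or from cyon's configuration; the function list, the EXAMPLE_USER paths and the size limits are illustrative assumptions.

```ini
; Assumed hardening fragment for a per-customer php.ini on a shared host.
; Each "permissive:" comment shows the weaker setting the hardened line replaces.
; EXAMPLE_USER is a placeholder for the customer's account name.

; --- Disabling functionality ---
; permissive: disable_functions =
; Blocks the functions that spawn shell commands from PHP code.
disable_functions = exec,passthru,shell_exec,system,proc_open,popen

; --- Preventing information disclosure ---
; permissive: display_errors = On
; Errors go to a log file instead of the visitor's browser.
display_errors = Off
log_errors = On
; Placeholder path, kept outside the document root.
error_log = /home/EXAMPLE_USER/logs/php_error.log
; permissive: expose_php = On
; Stops PHP from announcing its version in the X-Powered-By header.
expose_php = Off

; --- Restricting includes ---
; permissive: allow_url_include = On
; include/require may no longer load code from http:// or ftp:// URLs.
allow_url_include = Off
; permissive: allow_url_fopen = On
allow_url_fopen = Off
; Confines file access to the customer's own directories (placeholder paths).
open_basedir = /home/EXAMPLE_USER/public_html:/home/EXAMPLE_USER/tmp

; --- Restricting file uploads ---
; Uploads stay enabled, but size, count and temp location are bounded.
; Set file_uploads = Off for sites that never accept uploads.
file_uploads = On
upload_tmp_dir = /home/EXAMPLE_USER/tmp
upload_max_filesize = 8M
; Must be at least as large as upload_max_filesize.
post_max_size = 10M
max_file_uploads = 5
```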