PHP from the point of view of a webhoster

point of view of a webhoster speaking @webilea

About me
Working @cyon since early 2008
Developer and #devops
Study computer science at Uni Basel
Linux user
mod_rewrite guru
NBA Jam addicted

Overview
PHP in 20 seconds
Why so famous ?
PHP on a server
Security
Worries and concerns
Summary / Q&A

PHP in 20 seconds
Scripting language on server side or as cli
Introduced in 1995
PHP4 2000 -> Zend Engine 1.0
PHP5 2004 -> OOP, PDO, JSON, performance
PHP5.3 2009 -> namespaces, closures, LSB, ...
Dynamic typing
Stream, Session, DB access, image processing, ...
„Arrays in PHP are the sets and maps of java“

Why so famous? Approx. 30% in scripting languages http://phpadvent.org/2010/usage-statistics-by-ilia-alshanetsky

Why so famous? #2
It's easy, cheap and stable
Lamp stack (Linux – Apache – Mysql – PHP)
Steep learning curve (gains diversity)
Community
Libraries and ready to use apps

PHP on a server Mod_php FastCGI CGI Web Apache Module gateway binary Process Apache process php-cgi php-cgi Configuration Apache conf files wrapper php.ini User Apache user Shell user or suexec user suphp

PHP on a server #2
Apache and PHP CGI
Multiple PHP versions
Self compiled PHP version (make install)
Control over php.ini
PEAR and PECL installed

Security
Long history of „fails“
register_globals
Safe Mode (deprecated in PHP 5.3)
SQL Injection
Cross-site scripting (XSS)
<?php $d = 2.2250738585072011e-308; ?>
Plugin code quality (Wordpress, Joomla, ...)
FTP with plain authentication

Security #2
suhosin patch (hardened-php.net) and suPHP
Disabling Functionality
Preventing information disclosure (display_errors)
Restricting Includes
Restrict File Uploads
Mod_security (false positive)
Check file permission

No opcode caching
App monster like typo3 or magento

- The monster
6337 files
.php 1246
.gif 3040
Peak up to 128Mb per request
Very complex
A lot of options to mess with

No opcode caching
App monster like typo3 or magento
mod_rewrite voodoo
PHP5.3 -> lot of deprecated functions
Developers want * bling bling*
My website is hacked – what now?

Worries and concerns #2
„Worked on my local maschine!“
No clearing of cached files
Updates - „never touch a running system“
Store files in database
Corrupted databases

Summary
PHP has a lot to offer feature-wise
PHP is highly flexible & configurable
Actracts wide range of users
Lots of abuse cases are PHP related, but that’s not the fault of PHP
Scaling is „limited“ (left out due time limit)

http://www.webilea.ch	119
http://webilea.ch	42
http://posterous.com	8
http://usekit.com	3
http://feeds.feedburner.com	2

PHP from the point of view of a webhoster

by Dominic Lüchinger on Jan 27, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

5 Embeds 174

Statistics

PHP from the point of view of a webhoster — Presentation Transcript