PHP from the point of view of a webhoster
  • My own view, not necessarily correct.
  • Community -> the level tends to be on the low side, beginners helping beginners. The tone is not always great.
  • Compile it ourselves, because distros are slow with PHP releases. cyon is a shared hoster; customer expectations
  • Auto-updates help a lot (WordPress)

Presentation Transcript

  • PHP from the point of view of a webhoster, speaking @webilea
  • About me
    • Working @cyon since early 2008
    • Developer and #devops
    • Study computer science at Uni Basel
    • Linux user
    • mod_rewrite guru
    • NBA Jam addicted
  • Overview
    • PHP in 20 seconds
    • Why so famous?
    • PHP on a server
    • Security
    • Worries and concerns
    • Summary / Q&A
  • PHP in 20 seconds
    • Scripting language on server side or as cli
    • Introduced in 1995
      • PHP4 2000 -> Zend Engine 1.0
      • PHP5 2004 -> OOP, PDO, JSON, performance
      • PHP5.3 2009 -> namespaces, closures, LSB, ...
    • Dynamic typing
    • Stream, Session, DB access, image processing, ...
    • „Arrays in PHP are the sets and maps of Java“
  • Why so famous? Approx. 30% in scripting languages http://phpadvent.org/2010/usage-statistics-by-ilia-alshanetsky
  • Why so famous? #2
    • It's easy, cheap and stable
    • LAMP stack (Linux – Apache – MySQL – PHP)
    • Steep learning curve (gains diversity)
    • Community
    • Libraries and ready to use apps
  • PHP on a server
    • Mod_php | FastCGI | CGI
    • Web: Apache Module | gateway | binary
    • Process: Apache process | php-cgi | php-cgi
    • Configuration: Apache conf files | wrapper | php.ini
    • User: Apache user | Shell user or suexec user | suphp
  • PHP on a server #2
    • Apache and PHP CGI
    • Multiple PHP versions
    • Self compiled PHP version (make install)
    • Control over php.ini
    • PEAR and PECL installed
  • Security
    • Long history of „fails“
      • register_globals
      • Safe Mode (deprecated in PHP 5.3)
    • SQL Injection
    • Cross-site scripting (XSS)
    • <?php $d = 2.2250738585072011e-308; ?>
    • Plugin code quality (WordPress, Joomla, ...)
    • FTP with plain authentication
  • Security #2
    • suhosin patch (hardened-php.net) and suPHP
    • Disabling Functionality
    • Preventing information disclosure (display_errors)
    • Restricting Includes
    • Restrict File Uploads
    • Mod_security (false positive)
    • Check file permission
  • Worries and concerns
    • No opcode caching
    • App monster like TYPO3 or Magento
  • - The monster
    • 6337 files
      • .php 1246
      • .gif 3040
    • Peak up to 128Mb per request
    • Very complex
      • A lot of options to mess with
  • Worries and concerns
    • No opcode caching
    • App monster like TYPO3 or Magento
    • mod_rewrite voodoo
    • PHP5.3 -> a lot of deprecated functions
    • Developers want *bling bling*
    • My website is hacked – what now?
  • Worries and concerns #2
    • „Worked on my local machine!“
    • No clearing of cached files
    • Updates - „never touch a running system“
    • Store files in database
    • Corrupted databases
  • Summary
    • PHP has a lot to offer feature-wise
    • PHP is highly flexible & configurable
    • Attracts wide range of users
    • Lots of abuse cases are PHP related, but that’s not the fault of PHP
    • Scaling is „limited“ (left out due to time limit)
  • Q&A
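
The "Security #2" checklist (disabling functionality, display_errors, restricting includes, restricting file uploads) can be checked mechanically against a customer's php.ini. The following Python audit is an added example, not part of the original slides; the set of functions to disable, the upload_tmp_dir requirement, the `/home/example` paths and both sample files are assumptions made for illustration.

```python
# PHP's built-in defaults. MUST_DISABLE is an assumed hoster policy, not from the talk.
DEFAULTS = {"display_errors": "1", "allow_url_include": "0", "open_basedir": "",
            "disable_functions": "", "file_uploads": "1", "upload_tmp_dir": ""}
MUST_DISABLE = {"exec", "system", "passthru", "shell_exec", "proc_open", "popen"}

def parse_ini(text):
    """Effective directive values; last assignment wins, names are case-sensitive."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments (quoted ';' not handled)
        if line and not line.startswith("[") and "=" in line:  # skip [section] headers
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def is_on(value):  # PHP reads "", 0, off, false, no and none as disabled
    return value.lower() not in {"", "0", "off", "false", "no", "none"}

def audit(text):
    """Return one finding per violated item of the Security #2 checklist."""
    c, findings = parse_ini(text), []
    missing = sorted(MUST_DISABLE - {f.strip() for f in c["disable_functions"].split(",")})
    if missing:  # Disabling functionality
        findings.append("disable_functions lacks " + ",".join(missing))
    if is_on(c["display_errors"]):  # Preventing information disclosure
        findings.append("display_errors is on")
    if is_on(c["allow_url_include"]):  # Restricting includes
        findings.append("allow_url_include is on")
    if not c["open_basedir"]:
        findings.append("open_basedir is not set")
    if is_on(c["file_uploads"]) and not c["upload_tmp_dir"]:  # Restrict file uploads
        findings.append("file_uploads is on without a dedicated upload_tmp_dir")
    return findings

# Constructed sample files, not taken from the talk.
WEAK_INI = """\
[PHP]
display_errors = On        ; leaks paths and queries to visitors
allow_url_include = On
disable_functions = exec,system
"""
HARDENED_INI = """\
display_errors = Off
open_basedir = "/home/example/public_html:/home/example/tmp"
disable_functions = exec,system,passthru,shell_exec,proc_open,popen
upload_tmp_dir = /home/example/tmp
"""

if __name__ == "__main__":
    print(audit(WEAK_INI), audit(HARDENED_INI), sep="\n")
```

Directives that a file leaves out are judged by PHP's defaults, which is why the weak sample is also flagged for open_basedir and file uploads although it never mentions them.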