PHP from the point of view of a webhoster
Published in Technology
  • My own view, not necessarily correct.
  • Community -> The level tends to be on the low side, beginners helping beginners. The tone is not always great.
  • Compile it ourselves, because distros are slow with PHP releases. cyon is a shared hoster. Customer expectations.
  • Auto-updates help a lot (WordPress)

Transcript

  • 1. point of view of a webhoster speaking @webilea
  • 2. About me
    • Working @cyon since early 2008
    • 3. Developer and #devops
    • 4. Study computer science at Uni Basel
    • 5. Linux user
    • 6. mod_rewrite guru
    • 7. NBA Jam addicted
  • 8. Overview
  • 14. PHP in 20 seconds
    • Scripting language on server side or as cli
    • 15. Introduced in 1995
      • PHP4 2000 -> Zend Engine 1.0
      • 16. PHP5 2004 -> OOP, PDO, JSON, performance
      • 17. PHP5.3 2009 -> namespaces, closures, LSB, ...
    • Dynamic typing
    • 18. Stream, Session, DB access, image processing, ...
    • 19. „Arrays in PHP are the sets and maps of Java“
  • 20. Why so famous? Approx. 30% in scripting languages http://phpadvent.org/2010/usage-statistics-by-ilia-alshanetsky
  • 21. Why so famous? #2
    • It's easy, cheap and stable
    • 22. LAMP stack (Linux – Apache – MySQL – PHP)
    • 23. Steep learning curve (gains diversity)
    • 24. Community
    • 25. Libraries and ready to use apps
  • 26. PHP on a server (columns: Mod_php / FastCGI / CGI)
    • Web: Apache Module / gateway / binary
    • Process: Apache process / php-cgi / php-cgi
    • Configuration: Apache conf files / wrapper / php.ini
    • User: Apache user / Shell user or suexec user / suphp
  • 27. PHP on a server #2
    • Apache and PHP CGI
    • 28. Multiple PHP versions
    • 29. Self compiled PHP version (make install)
    • 30. Control over php.ini
    • 31. PEAR and PECL installed
  • 32. Security
    • Long history of „fails“
      • register_globals
      • 33. Safe Mode (deprecated in PHP 5.3)
    • SQL Injection
    • 34. Cross-site scripting (XSS)
    • 35. <?php $d = 2.2250738585072011e-308; ?>
    • 36. Plugin code quality (WordPress, Joomla, ...)
    • 37. FTP with plain authentication
  • 38. Security #2
    • suhosin patch (hardened-php.net) and suPHP
    • 39. Disabling Functionality
    • 40. Preventing information disclosure (display_errors)
    • 41. Restricting Includes
    • 42. Restrict File Uploads
    • 43. Mod_security (false positive)
    • 44. Check file permissions
  • 45. Worries and concerns
    • No opcode caching
    • 46. App monster like typo3 or magento
  • 47. - The monster
    • 6337 files
    • Peak up to 128Mb per request
    • 49. Very complex
      • A lot of options to mess with
  • 50. Worries and concerns
    • 52. mod_rewrite voodoo
    • 53. PHP5.3 -> lot of deprecated functions
    • 54. Developers want *bling bling*
    • 55. My website is hacked – what now?
  • 56. Worries and concerns #2
    • „Worked on my local machine!“
    • 57. No clearing of cached files
    • 58. Updates - „never touch a running system“
    • 59. Store files in database
    • 60. Corrupted databases
  • 61. Summary
    • PHP has a lot to offer feature-wise
    • 62. PHP is highly flexible & configurable
    • 63. Attracts wide range of users
    • 64. Lots of abuse cases are PHP related, but that’s not the fault of PHP
    • 65. Scaling is „limited“ (left out due to time limit)
  • 66. Q&A
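
The hardening items on the "Security #2" slide (disabling functionality, display_errors, restricting includes, restricting file uploads) can be checked mechanically across customer configurations. The following is an added example, not part of the original slides: a Python audit of php.ini text, in which the mapping of each bullet to a php.ini directive, the sample files and the path inside them are assumptions of this example.

```python
# Added example; the bullet-to-directive mapping is this example's assumption.
# PHP's built-in defaults apply when php.ini does not set a directive.
DEFAULTS = {"disable_functions": "", "display_errors": "1",
            "allow_url_include": "0", "open_basedir": "", "file_uploads": "1"}
OFF_WORDS = {"", "0", "off", "no", "false", "none"}

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment (simplified)
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def enabled(value):
    # Conservative: anything not spelled as "off" counts as on.
    return value.lower() not in OFF_WORDS

def audit(text):
    cfg = {**DEFAULTS, **parse_ini(text)}
    findings = []
    if not cfg["disable_functions"]:
        findings.append("disable_functions: empty, nothing is disabled")
    if enabled(cfg["display_errors"]):
        findings.append("display_errors: on, errors are shown to visitors")
    if enabled(cfg["allow_url_include"]):
        findings.append("allow_url_include: on, include() accepts URLs")
    if not cfg["open_basedir"]:
        findings.append("open_basedir: unset, file access is not confined")
    if enabled(cfg["file_uploads"]):
        findings.append("file_uploads: on, confirm the site needs uploads")
    return findings

# Constructed sample files (not taken from any real host).
WEAK = "[PHP]\ndisplay_errors = On  ; handy in development\nallow_url_include = On\n"
HARDENED = """[PHP]
disable_functions = exec,passthru,shell_exec,system,proc_open,popen
display_errors = Off
allow_url_include = Off
open_basedir = /home/customer/public_html:/tmp
file_uploads = Off
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

An empty or missing php.ini still produces findings, because the audit falls back to PHP's defaults rather than treating an absent directive as safe.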