Tips of CakePHP and MongoDB - Cakefest2011 ichikaway

Tips ofCakePHP & MongoDB 2011/9/4 CakeFest2011 Yasushi Ichikawa

I amYasushi IchikawaIchi@ichikawayhttp://cake.eizoku.com/blog

Topic ● Whats MongoDB? ● Using MongoDB with CakePHP ● Setup ● Usage ● Security ● Future@ichikaway http://cake.eizoku.com/blog/

MongoDBNoSQLPerformanceScalability@ichikaway http://cake.eizoku.com/blog/

Good for ● Social-Apps ● Calculation on distributed servers ● log analysis ● Questionnaire form@ichikaway http://cake.eizoku.com/blog/

Terms RDB MongoDB Table Collection Row Document Column Field@ichikaway http://cake.eizoku.com/blog/

Schema free Posts Collection id, title, body id, name, tel, fax id, name, nickname, email Posts collection@ichikaway http://cake.eizoku.com/blog/

Schema free Screen Blog Blog collection Title xxxx Title : xxxx Text yyyy Text : yyyy data Tag: [tag1,tag2,tag3] tag1,tag2,tag3 Comment: [ Comment1 comment1, Comment2 comment2, Comment3 comment3 ]@ichikaway http://cake.eizoku.com/blog/

MongoDB operators Find operators $gt, $gte db.posts.find( $lt, $lte { age : { $gt: 5 }} $ne ) $in $nin $orhttp://www.mongodb.org/display/DOCS/Advanced+Queries@ichikaway http://cake.eizoku.com/blog/

MongoDB operators Update operators $inc db.posts.update( $set { name: “Ichi” }, $push { $inc: { cnt: 1 }} $pull ) $pop $unsethttp://www.mongodb.org/display/DOCS/Updating@ichikaway http://cake.eizoku.com/blog/

Functions ● Geospatial index (location info) ● Map/Reduce ● Binary file saving (GridFS) ● Sharding ● etc@ichikaway http://cake.eizoku.com/blog/

WebSite@ichikaway http://cake.eizoku.com/blog/

http://kanael.net@ichikaway http://cake.eizoku.com/blog/

kanael.net ●Server ● VPS(2.4GHz-2core, 1.5GMem) x 1 ●Application ● 40% write, 60% read ● 300,000 ducuments@ichikaway http://cake.eizoku.com/blog/

kanael.net ● Peak traffic ● 100,000+ requests/day ● CPU 75% (MongoDB 10%)@ichikaway http://cake.eizoku.com/blog/

CakePHP MongoDBRepositorygithub.com/ichikaway/cakephp-mongodb/@ichikaway http://cake.eizoku.com/blog/

CakePHP MongoDBRepository●Test files●API documents●Sample Applications@ichikaway http://cake.eizoku.com/blog/

CakePHP MongoDB PHP5+ CakePHP1.2, 1.3, 2.0-beta Pecl Mongo driver Documents ● https://github.com/ichikaway/cakephp- mongodb/wiki@ichikaway http://cake.eizoku.com/blog/

Structure Model CakePHP-MongoDB Datasource MongoDB MongoCollection MongoCursor@ichikaway http://cake.eizoku.com/blog/

Setup@ichikaway http://cake.eizoku.com/blog/

Setup pecl mongo pecl install mongo vi php.ini extension=mongo.so@ichikaway http://cake.eizoku.com/blog/

CakePHP1.3@ichikaway http://cake.eizoku.com/blog/

Setup Cake Mongo(1.3) cd app/plugins git clone git://github.com/ichikaway/cakephp- mongodb.git mongodb vi app/config/database.php@ichikaway http://cake.eizoku.com/blog/

database.php Cake1.3 class DATABASE_CONFIG { public $default = array( driver => mongodb.mongodbSource, database => blog, host => localhost, port => 27017, );@ichikaway http://cake.eizoku.com/blog/

CakePHP2.0@ichikaway http://cake.eizoku.com/blog/

Setup Cake Mongo(2.0)cd app/Plugingit clonegit://github.com/ichikaway/cakephp-mongodb.git Mongodbgit checkout -b cake2.0 origin/cake2.0vi app/Config/database.php@ichikaway http://cake.eizoku.com/blog/

database.php Cake2.0// app/Config/database.phpclass DATABASE_CONFIG { public $default = array( datasource => Mongodb.MongodbSource, host => localhost, database => blog, port => 27017, );@ichikaway http://cake.eizoku.com/blog/

Load plugin Cake2.0 //app/Config/bootstrap.php CakePlugin::load(Mongodb)@ichikaway http://cake.eizoku.com/blog/

Sample Post Model class Post extends AppModel { public $primaryKey = _id; }@ichikaway http://cake.eizoku.com/blog/

Useage@ichikaway http://cake.eizoku.com/blog/

find data class PostsController extends AppController { public function index() { $this->Post->find(all, $options); } } fields, conditions, order, limit@ichikaway http://cake.eizoku.com/blog/

Insert data $data = array(name => Ichi age => 32 ); $this->Post->save($data); _id:xxx1, name: Ichi, age:32 Posts collection@ichikaway http://cake.eizoku.com/blog/

Update data $data = array( _id => xxx1, name => Yasu ); $this->Post->save($data);// in Cake-Mongo DataSource$MongoCollection->update( array(_id => xxx001), array($set => array(name => Yasu)),);@ichikaway http://cake.eizoku.com/blog/

$set operator Without $set id:xxx1, name: Yasu Posts collection With $set id:xxx1, name: Yasu, age:32 Posts collection@ichikaway http://cake.eizoku.com/blog/

Use other update operators@ichikaway http://cake.eizoku.com/blog/

Update operator ($inc)$data = array( _id => xxx1, $inc => array(age => 1) );$this->Post->save($data); // in Cake-Mongo DataSource $MongoCollection->update( array(_id => xxx001), array($inc => array(age => 1)), );@ichikaway http://cake.eizoku.com/blog/

Update operator(result) _id:xxx1, name: Ichi, age:32 Posts collection _id:xxx1, name: Ichi, age:33, Posts collection@ichikaway http://cake.eizoku.com/blog/

Update operator(complex)$data = array( _id => xxx1, $inc => array(age => 1), $push => array(tags => array(php, mongo)));$this->Post->save($data);@ichikaway http://cake.eizoku.com/blog/

Update operator(result) _id:xxx1, name: Ichi, age:32 Posts collection _id:xxx1, name: Ichi, age:33, tags: [php, mongo] Posts collection@ichikaway http://cake.eizoku.com/blog/

Update operator ●see Wiki ● https://github.com/ichikaway/cakephp- mongodb/wiki/How-to-use-MongoDB-update- operators ● see test code ● testUpdate() ● testUpdateWithoutMongoSchemaProperty()@ichikaway http://cake.eizoku.com/blog/

Get Cake Mongo DataSource Object@ichikaway http://cake.eizoku.com/blog/

Source methods ● ensureIndex() ● mapreduce() ● group() See wiki https://github.com/ichikaway/cakephp-mongodb/wiki/_pages@ichikaway http://cake.eizoku.com/blog/

ex. make index $ds = $this->Post->getDataSource(); $ds->ensureIndex( $this->Post, array(title => 1) );@ichikaway http://cake.eizoku.com/blog/

Get MongoDB Object@ichikaway http://cake.eizoku.com/blog/

MongoDB Object ● CakeMongo DataSource ● not support all functions of MongoDB – gridFs – DbRef@ichikaway http://cake.eizoku.com/blog/

get MongoDB Object $mongo = $this->Post->getMongoDb();@ichikaway http://cake.eizoku.com/blog/

get MongoDB Object $mongo->getGridFs(); $mongo->setSlaveOkay(); $mongo->createDbRef(); See php manual http://php.net/manual/en/class.mongodb.php@ichikaway http://cake.eizoku.com/blog/

Get MongoCollection Object@ichikaway http://cake.eizoku.com/blog/

get Mongo Collection $mongo = $this->Model->getMongoDb(); $collection = $mongo-> selectCollection(posts);@ichikaway http://cake.eizoku.com/blog/

get Mongo Collection $collection->find(); $collection->update(); $collection->insert(); $collection->createDbRef(); See php manual http://php.net/manual/en/class.mongocollection.php@ichikaway http://cake.eizoku.com/blog/

Replica Sets@ichikaway http://cake.eizoku.com/blog/

Replica sets● master/slave replication● automatic failover● automatic recovery@ichikaway http://cake.eizoku.com/blog/

Replica sets Replication Server1 Server2 Primary Secondary Replication Application Server3 Server Secondary (CakePHP)@ichikaway http://cake.eizoku.com/blog/

Replica sets Server1 Server2 Primary Primary Replication Application Server3 Server Secondary (CakePHP)@ichikaway http://cake.eizoku.com/blog/

database.php Cake1.3class DATABASE_CONFIG { public $default = array( driver => mongodb.mongodbSource, database => blog, replicaset => array( host =>mongodb://loginid:password@ Server1:27021,Server2:27022/blog, options => array(replicaSet => myRepl) ), ); https://github.com/ichikaway/cakephp-mongodb/wiki/How-to-connect-to-replicaset-servers@ichikaway http://cake.eizoku.com/blog/

Injection Attack@ichikaway http://cake.eizoku.com/blog/

ONLY PHP ( ； ´Д ｀ )@ichikaway http://cake.eizoku.com/blog/

WHY??@ichikaway http://cake.eizoku.com/blog/

Injection Attack $user = $collection->find(array( "username" => $_GET[username], "passwd" => $_GET[passwd] ));● PHP makes array data from GET/POST request ● ex. login.php?username=admin&passwd[$ne]=1@ichikaway http://cake.eizoku.com/blog/

Injection Attack $user = $collection->find(array( "username" => $_GET[username], admin, "passwd" => $_GET[passwd] array("$ne" => 1) ));● PHP makes array data from GET/POST request ● ex. login.php?username=admin&passwd[$ne]=1@ichikaway http://cake.eizoku.com/blog/

Solution● Dont trust user input data ● GET/POST/Cookie● Solution ● Cast to string ● Check all keys of array@ichikaway http://cake.eizoku.com/blog/

Solution Cast to string@ichikaway http://cake.eizoku.com/blog/

Solution(cast to string) $cursor = $collection->find(array( "username" => (string)$_GET[username], "passwd" => (string)$_GET[passwd] ));@ichikaway http://cake.eizoku.com/blog/

Solution(cast to string) $cursor = $collection->find(array( "username" => admin, "passwd" => Array ));@ichikaway http://cake.eizoku.com/blog/

Solution Check keys of input data@ichikaway http://cake.eizoku.com/blog/

Solution(check keys) SecurePHP Library https://github.com/ichikaway/SecurePHP@ichikaway http://cake.eizoku.com/blog/

SecurePHP● Check Post/Get/Cookie● Check all array keys ● allow: a-z0-9:-_./● Check null byte@ichikaway http://cake.eizoku.com/blog/

SecurePHPvi webroot/index.php require_once( SecurePHP/config/bootstrap.php ); $Dispatcher = new Dispatcher(); $Dispatcher->dispatch();@ichikaway http://cake.eizoku.com/blog/

In the future Relational data fetch coming soon (hasOne, hasMany, belongsTo) relation branch@ichikaway http://cake.eizoku.com/blog/

Summary ● Whats MongoDB? ● Using MongoDB with CakePHP ● Setup ● Usage(find, save, MongoObject) ● Security ● Injection attack ● Future ● Relational data fetch@ichikaway http://cake.eizoku.com/blog/

THANK YOU@ichikaway http://cake.eizoku.com/blog/

http://zhys9.com	1951
http://blog.nosqlfan.com	489
http://prower-tms.blogspot.in	48
http://feed.feedsky.com	27
http://www.kuqin.com	26
http://prower-tms.blogspot.com	16
http://xianguo.com	15
http://reader.youdao.com	6
https://twitter.com	6
http://zhuaxia.com	4
http://www.zhuaxia.com	2
http://paper.li	1

Tips of CakePHP and MongoDB - Cakefest2011 ichikaway

by ichikaway on Sep 04, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

12 Embeds 2,591

Statistics

Tips of CakePHP and MongoDB - Cakefest2011 ichikaway — Presentation Transcript