2. $agenda
Brief of PHP 7
New PHP Engine
Benchmark speed PHP 7 vs PHP 5
Some new things in PHP 7
Set up an environment for testing PHP 7
Quick view of CVE-2015-4024
3. Brief of PHP 7
The current stable release uses the version number PHP 5.6.
After some dispute the development team decided they would
omit the PHP 6 name for the next major release. PHP 6 already
existed in the past as an experimental project but never reached
the production phase.
To prevent users from mixing up the former attempt with the
latest development, the new major release will run under the
name of PHP 7.
It was released on 03 Dec 2015.
4. The New Zend Engine
• The current PHP 5.X series uses Zend Engine II, which enhanced
the functionality of the initial engine and added an extensible
object model and a significant performance enhancement to
the language.
• PHP 7 receives a brand new version of the engine coming
under the code name of PHP#NG (Next Generation).
5. Benchmark PHP 7 vs PHP 5
• The development team of PHPNG refactored the Zend Engine,
remarkably optimized memory usage and added just-in-time
compilation (JIT) which allows compilation at run time rather
than prior to execution.
• The results? You can see the performance benchmarks
provided by the Zend Performance Team below. By using PHP
7, not only will your code execute faster, but you will also
need fewer servers to serve the same number of users.
19. Set up an environment for testing PHP 7
• Install Vagrant and VirtualBox
• Then:
$ git clone https://github.com/rlerdorf/php7dev.git
$ cd php7dev
$ vagrant up
... (takes a bit - it is downloading 1.5G)
$ vagrant ssh
• The VM uses NAT and DHCP and also has a fixed address of 192.168.7.7
• http://192.168.7.7/ will show you the PHP 7 phpinfo() page
• More details: github.com/rlerdorf/php7dev
20. CVE-2015-4024
• CVE-2015-4024 is considered serious because it allows an
attacker to perform a denial-of-service (DoS) attack that causes
major losses to the server with a small code snippet. If a
botnet were equipped with this technique, the damage caused
would be terrible.
• CVE-2015-4024 was reported by a security researcher at
Baidu, China. It is based on a logic bug in PHP's HTTP header
parsing: a specially crafted HTTP header section can push the
server's CPU up to 100%, which paralyzes all other functions.
21. Affected PHP versions
PHP 5.6.x before 5.6.9
PHP 5.5.x before 5.5.25
PHP 5.4.x before 5.4.41
PHP 5.3.*
PHP 5.2.*
22. What is the problem?
Content-Disposition: form-data; name="file"; filename="test.txt"
Content-Type: application/octet-stream
Content-Disposition: form-data; name="file"; filename="s
a
a
a
a"
Content-Type: application/octet-stream
<?php phpinfo();?>
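A defensive check for the request shape shown above, added here as an example and not part of the original slides: it walks a multipart/form-data body and flags any part header whose value spans more lines than a threshold, as the second Content-Disposition does. The function names, the XBOUNDARY boundary, the sample body and the threshold of 2 are assumptions made for this example.

```python
import re

# A header line proper starts with an RFC 7230 token followed by a colon.
HEADER_LINE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+:")

def split_parts(body, boundary):
    """Yield the raw bytes of each part between "--boundary" delimiters."""
    for chunk in body.split(b"--" + boundary)[1:]:
        if chunk.startswith(b"--"):  # closing delimiter "--boundary--"
            break
        yield re.sub(rb"\A\r?\n", b"", chunk)  # drop the delimiter's line ending

def continuation_counts(part):
    """Map each header name in a part to the number of extra lines it spans."""
    # The header block ends at the first blank line (possibly the very first).
    head = re.split(rb"(?:\A|\r?\n)\r?\n", part, maxsplit=1)[0]
    counts, current = {}, None
    for line in re.split(rb"\r?\n", head):
        if HEADER_LINE.match(line):
            current = line.split(b":", 1)[0].decode("ascii").lower()
            counts.setdefault(current, 0)
        elif current is not None:
            # Heuristic: any line that is not "Name:" continues the previous
            # header. A continuation that itself looks like "a: b" is missed.
            counts[current] += 1
    return counts

def suspicious_parts(body, boundary, max_continuation_lines=2):
    """Return (part_index, header_name, extra_lines) for over-folded headers."""
    return [
        (i, name, n)
        for i, part in enumerate(split_parts(body, boundary))
        for name, n in continuation_counts(part).items()
        if n > max_continuation_lines  # assumed threshold, tune per site
    ]

# Constructed sample modelled on the two parts shown on the slide.
SAMPLE_BOUNDARY = b"XBOUNDARY"
SAMPLE_BODY = (
    b'--XBOUNDARY\r\nContent-Disposition: form-data; name="file"; filename="test.txt"\r\n'
    b"Content-Type: application/octet-stream\r\n\r\nhello\r\n"
    b'--XBOUNDARY\r\nContent-Disposition: form-data; name="file"; filename="s\r\n'
    b'a\r\na\r\na\r\na"\r\n'
    b"Content-Type: application/octet-stream\r\n\r\n<?php phpinfo();?>\r\n"
    b"--XBOUNDARY--\r\n"
)

if __name__ == "__main__":
    for hit in suspicious_parts(SAMPLE_BODY, SAMPLE_BOUNDARY):
        print("part %d: %s spans %d extra lines" % hit)
```

Legitimate browsers do not fold multipart part headers, so a low threshold is usually safe to enforce at a proxy or WAF in front of unpatched PHP.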