php handlers

Report

Tags:

Post on 24-May-2015

1.645 Views

Category:

Technology

1 Downloads

Preview:

Click to see full reader

DESCRIPTION

An overview of the four main PHP handlers used today - suPHP, DSO, CGI and FCGI. The talk covers their pros and cons and dispel the common myths surrounding them. I also explore a new approach to server setup that combines the best from each method using mod_ruid2.

TRANSCRIPT

Secure, Fast and ExperimentalPHP Handling

PBWEB.CO.UK

@PHILL_BROWN

What is a PHP Handler?

Interprets code

<?phpecho ‘Hello’;

Hello

DSO (mod_php)• Makes PHP part of Apache

• Oldest and most common

• Runs in the same process as Apache -low CPU and memory usage

• PHP-created files owned by apache user

CGI• Run as a program outside of your server

• Reads php.ini configuration at runtime

• Loads PHP on every request - requires more CPU time and processes

suPHP• Apache runs as the user that owns the

requested PHP script

• Doesn’t support PHP accelerators eg APC

• High CPU usage

FastCGI• Apache runs as the user that owns the

requested PHP script

• Keeps a persistent session in the background

• Lower CPU but high memory usage

SummaryDSO CGI suPHP FastCGI

CPU usage

Memory usage

Run as file owner

Supports PHP Accelerators

The Ultimate Handler Setup

CPU usage

Memory usage

Run as file owner

Supports PHP Accelerators

Enter mod_ruid2

What is mod_ruid2?mod_ruid2 /webrootApache

Tells Apache to run /webroot files as User1

and Group1

Loads a wrapper program that executes your scripts using the configured credentials

Where did mod_ruid2 come from?

mod_suid2 mod_ruid2Faster

Makes use of the Linux kernel to reduce processes

How do we use mod_ruid2 to achieve The Ultimate Handler Setup?

DSO + mod_ruid2

DSO• Low CPU usage

• Low memory usage

• PHP accelerator support

mod_ruid2• Process

ownership control

Site1 files owned by

User1

Apache server

Site2 files owned by

User2

Site3 files owned by

User3

Use

r2

Apache is imprisoned in each website

It gets better...

Apache can write to any file

Site 1

includes

misc

modules

profiles

scripts

sites

themes

index.php

...

But we can lockdown Apacheeven further

Site 1

includes

misc

modules

profiles

scripts

sites/default/files

themes

index.php

...

Create a separate user for Apache

Group

User ApacheUser

‐rw‐r‐‐‐‐‐ User Group index.php

drwxrwx‐‐‐ User Group sites/default/files

This isThe Ultimate Handler Setup

Thank you for listening!Handling questions...

PBWEB.CO.UK

@PHILL_BROWN

top related

meat handlers by name
Documents
reachstacker container handlers
Documents
air handlers guide
Documents
mongrel handlers
Technology
loaded container handlers
Documents
food handlers guide - tamil
Documents
button click handlers
Documents
tele handlers
Documents
surprise exception handlers
Documents
air handlers
Documents
air handlers ta
Documents
indoor air handlers
Documents
views handlers & plugins
Documents
fuel handlers study guide
Documents
compact telescopic handlers
Documents
introduction to alarm handlers
Documents
asp.net handlers and modules
Education
telescopic handlers - liebherr
Documents
empty container handlers - hyster
Documents
aruf air handlers
Documents