php handlers

Secure, Fast and Experimental PHP Handling PBWEB.CO.UK @PHILL_BROWN

Upload: phill-brown

Post on 24-May-2015


Category:

Technology



DESCRIPTION

An overview of the four main PHP handlers used today - suPHP, DSO, CGI and FCGI. The talk covers their pros and cons and dispels the common myths surrounding them. I also explore a new approach to server setup that combines the best from each method using mod_ruid2.

TRANSCRIPT

Page 1: PHP Handlers

Secure, Fast and Experimental PHP Handling

PBWEB.CO.UK

@PHILL_BROWN

Page 2: PHP Handlers

What is a PHP Handler?

Interprets code

<?php echo 'Hello';

Hello

Page 3: PHP Handlers

DSO (mod_php)

• Makes PHP part of Apache

• Oldest and most common

• Runs in the same process as Apache - low CPU and memory usage

• PHP-created files owned by apache user

Page 4: PHP Handlers

CGI

• Run as a program outside of your server

• Reads php.ini configuration at runtime

• Loads PHP on every request - requires more CPU time and processes

Page 5: PHP Handlers

suPHP

• Apache runs as the user that owns the requested PHP script

• Doesn’t support PHP accelerators, e.g. APC

• High CPU usage

Page 6: PHP Handlers

FastCGI

• Apache runs as the user that owns the requested PHP script

• Keeps a persistent session in the background

• Lower CPU but high memory usage

Page 7: PHP Handlers

Summary

[Table comparing DSO, CGI, suPHP and FastCGI on the rows below]

CPU usage

Memory usage

Run as file owner

Supports PHP Accelerators

Page 8: PHP Handlers

The Ultimate Handler Setup

CPU usage

Memory usage

Run as file owner

Supports PHP Accelerators

Page 9: PHP Handlers

Enter mod_ruid2

Page 10: PHP Handlers

What is mod_ruid2?

[Diagram: Apache, mod_ruid2, /webroot]

Tells Apache to run /webroot files as User1 and Group1

Loads a wrapper program that executes your scripts using the configured credentials

Page 11: PHP Handlers

Where did mod_ruid2 come from?

mod_suid2 -> mod_ruid2

Faster

Makes use of the Linux kernel to reduce processes

Page 12: PHP Handlers

How do we use mod_ruid2 to achieve The Ultimate Handler Setup?

Page 13: PHP Handlers

DSO + mod_ruid2

Page 14: PHP Handlers

DSO

• Low CPU usage

• Low memory usage

• PHP accelerator support

mod_ruid2

• Process ownership control

Page 15: PHP Handlers

[Diagram: Apache server]

Site1 files owned by User1

Site2 files owned by User2

Site3 files owned by User3

Page 16: PHP Handlers

Apache is imprisoned in each website

Page 17: PHP Handlers

It gets better...

Page 18: PHP Handlers

Apache can write to any file

Site 1

includes

misc

modules

profiles

scripts

sites

themes

index.php

...

Page 19: PHP Handlers

But we can lock down Apache even further

Site 1

includes

misc

modules

profiles

scripts

sites/default/files

themes

index.php

...

Page 20: PHP Handlers

Create a separate user for Apache

Page 21: PHP Handlers

[Diagram: Group containing User and ApacheUser]

Page 22: PHP Handlers

-rw-r----- User Group index.php

drwxrwx--- User Group sites/default/files

This is The Ultimate Handler Setup
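The permission layout on slide 22 can be checked mechanically. The audit script below is an added example, not part of the original talk; the function names, the TOO-OPEN / NOT-WRITABLE / MISSING labels and the sample tree are constructed for illustration, and it assumes the Apache user reaches files only through membership of Group, as slides 20-21 describe.

```shell
#!/usr/bin/env bash
# Added example: audit a docroot against the slide-22 permission model.
# Assumption: the Apache user gets access only via Group membership, so
#   outside the upload dir -> no group-write, no bits for "other"
#   upload dir             -> group-writable, no bits for "other"
# Usage (hypothetical path): audit_docroot /var/www/site1 sites/default/files

audit_docroot() {
    local docroot=$1 upload=${2:-sites/default/files}
    # Outside the upload dir: flag group-writable or other-accessible paths.
    find "$docroot" -path "$docroot/$upload" -prune -o ! -type l \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/^/TOO-OPEN /'
    if [ ! -d "$docroot/$upload" ]; then
        echo "MISSING $docroot/$upload"
        return 0
    fi
    # The upload dir itself must be group-writable so Apache can store files.
    find "$docroot/$upload" -prune ! -perm -020 -print | sed 's/^/NOT-WRITABLE /'
    # Nothing inside it should be reachable by "other".
    find "$docroot/$upload" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sed 's/^/TOO-OPEN /'
}

# Constructed sample tree (not from the talk) with one deliberate mistake.
build_sample() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/sites/default/files" "$root/modules"
    echo '<?php echo "Hello";' > "$root/index.php"
    echo '<?php' > "$root/modules/example.module"
    chmod 750 "$root" "$root/sites" "$root/sites/default" "$root/modules"
    chmod 640 "$root/index.php"                # -rw-r----- as on slide 22
    chmod 770 "$root/sites/default/files"      # drwxrwx--- as on slide 22
    chmod 664 "$root/modules/example.module"   # mistake: Apache could rewrite code
    echo "$root"
}
```

An empty result from `audit_docroot` means the tree matches the model; each reported line names a path whose mode lets Apache write code or lets other local users read the site.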

Page 23: PHP Handlers

Thank you for listening!

Handling questions...

PBWEB.CO.UK

@PHILL_BROWN