archive-com.com » COM » S » STUARTHERBERT.COM

Total: 477

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Stuart on PHP - » Isolate To Eliminate
    smaller systems and components Keep going until you ve reached the smallest testable system component unit or lines of code that show the fault Congratulations you have isolated the fault Apart from being a strategy that allows you to work on code you ve never seen before this approach also has the advantage that it is evidence based This approach eliminates guess work and it forces developers assumptions about how their code actually works in practice to be challenged The data never lies but be aware that it can be mis interpreted The approach is iterative and you ll find that you ll often go back and forth between your code and your tests making your code easier to test and your tests have clearer and more targeted test domains and results Fix the tests that are relevant to the bug you are tracking down and make a list of any other issues you find along the way for you to come back and address at a later date Stay on target and park potential tangents and distractions for another time Although this sounds like a slow process when described on paper with practice it can be executed at high speed during an emergency situation However the need to restore service in a timely manner isn t always compatible with this approach and you re normally better off returning to your test environment where you can study the fault without inconveniencing your customers any further About The Author Stuart has been writing PHP applications since 2003 and has been contributing to open source software since 1994 He was an early writer for php architect a co author of the Official Zend Certification Study Guide for PHP 4 and a regular speaker at conferences and user groups since 2004 When he s not designing software Stuart loves to explore the world through a camera lens spend time with his beloved guitars and continue his study to T ai Chi Chu an Taijiquan No Comments Webby Scripts Stuart Herbert On PHP Isolate To Eliminate says October 10th 2009 at 8 01 pm the original post Stuart Herbert On PHP Isolate To Eliminate Stuart Herbert s Blog Isolate To Eliminate Webs Developer says October 12th 2009 at 3 02 pm his most recent post Stuart Herbert has a suggestion that can make your development life simpler and make debugging less of a headache down the road Stuart Herbert s Blog Isolate To Eliminate Webs Developer says October 12th 2009 at 3 02 pm his most recent post Stuart Herbert has a suggestion that can make your development life simpler and make debugging less of a headache down the road Jatinder Bhambri says January 12th 2010 at 9 22 am Nice comment isolate to eliminate i HV ALSO D SAME OPINION TO OTHERS Jatinder Bhambri says January 12th 2010 at 9 22 am Nice comment isolate to eliminate i HV ALSO D SAME OPINION TO OTHERS Latest Photos Categories phpnw 1 Beginner 2 Intermediate

    Original URL path: http://blog.stuartherbert.com/php/2009/10/10/isolate-to-eliminate/ (2016-05-02)
    Open archived version from archive


  • Stuart on PHP - » Making IIS Practical In Production For PHP
    a matter of moments Restarting IIS will clear off all the PHP processes but if demand remains the same the webserver will start swapping again very soon and you re back to square one your websites back to being unavailable to the outside world With Apache and mpm prefork mpm peruser or mpm itk you can adjust Apache s settings to make sure that your server never swaps With Apache and PHP FastCGI you can do this too by adjusting the number of FastCGI processes created Although atm I don t recommend using Apache PHP FastCGI in production environments But how exactly do you do this with IIS and PHP CGI or PHP FastCGI The answer can be found in the IIS 7 documentation It looks like you can limit the number of FastCGI instances per application pool IIS best practice is to setup a separate application pool per website IIS s architecture is nothing like Apache That s fine for servers running just the one website but is there a way to set a similar limit that applies across all application pools It would be great if there was And I m not sure that there s a way to do this with CGI if you have problems with FastCGI crashing Love it or hate it Windows Server is the right choice for many firms and the better PHP runs in a Windows Server production environment the more opportunities there are for firms and individuals that create PHP apps in the future About The Author Stuart has been writing PHP applications since 2003 and has been contributing to open source software since 1994 He was an early writer for php architect a co author of the Official Zend Certification Study Guide for PHP 4 and a regular speaker at conferences and user groups since 2004 When he s not designing software Stuart loves to explore the world through a camera lens spend time with his beloved guitars and continue his study to T ai Chi Chu an Taijiquan No Comments Jones says February 26th 2009 at 10 21 am It would be very interesting to read about howto adjust Apache s settings to make sure that your server never swaps Do you have any formulas for this I tried to get this from the Apache mauals but could not succeed process handling always seems to have some randomness inside and I feel like this is a VERY important part that should be placed on page 2 or three of the official manuals instead it is a secret Would be verxy interesting to read about your findings here Thanks Jones says February 26th 2009 at 10 21 am It would be very interesting to read about howto adjust Apache s settings to make sure that your server never swaps Do you have any formulas for this I tried to get this from the Apache mauals but could not succeed process handling always seems to have some randomness inside and I

    Original URL path: http://blog.stuartherbert.com/php/2008/12/17/making-iis-practical-in-production-for-php/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP - » Can You Secure A Shared Server With PHP + FastCGI?
    The average failure rate was 2 requests per 1000 and the failure rate was consistent no matter which Apache MPM was used which Apache FastCGI module was used and how many thousands of requests I used in my testing At the time of writing I haven t tracked down the cause of this failure and it may not appear in your own environment but none of the previous solutions I ve looked at in this series have displayed this problem so it s something to think about before chosing PHP FastCGI to serve your websites I m hoping to find time in the future to get to the bottom of this problem if no one gets there first As a result I can t recommend using PHP FastCGI suexec at this time My current recommendation is mpm itk which has successfully served millions of page hits for me in production over the last few months References This article was made possible by information already on the internet http interworx com forums showthread php p 8327 http ckdake com projects documentation php security This article is part of The Web Platform an on going series of blog posts about the environment that you need to create and nurture to run your web based application in If you have any topics that you d like to see covered in future articles please leave them in the comments on this page About The Author Stuart has been writing PHP applications since 2003 and has been contributing to open source software since 1994 He was an early writer for php architect a co author of the Official Zend Certification Study Guide for PHP 4 and a regular speaker at conferences and user groups since 2004 When he s not designing software Stuart loves to explore the world through a camera lens spend time with his beloved guitars and continue his study to T ai Chi Chu an Taijiquan 14 Comments Chris Kelly says October 7th 2008 at 10 30 am I haven t experienced the 2 1000 failure rate that you have All of my problems have been a result of the previous version of APC which would cause pages to show up blank until httpd was gracefully restarted but the most recent version of APC hasn t caused these problems hmm Martin Fjordvald says October 7th 2008 at 11 22 am Have you considered perhaps using a different web server such as lighttpd I use lighttpd 1 5 0 without any problems The downside would be no mod rewrite through htaccess though so I m not sure how well it would work for your average shared hosting server Lafriks says October 7th 2008 at 6 01 pm I m also using lighttpd and php fcgi for shared hosting security and had no problems with such configuration I have to help out clients with porting apache mod rewrite syntax to lighttpd but it s usually only once for new client Enlaces interesantes says October

    Original URL path: http://blog.stuartherbert.com/php/2008/10/07/can-you-secure-a-shared-server-with-php-fastcgi/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP - » The Web Platform
    setid mode config Check out the suphp documentation included in the source tarball for the details on what each mode does Next run make to compile the software Assuming everything compiles just fine the next step is to install mod suphp by copying it to your Apache modules directory cp src apache2 libs mod suphp so usr lib apache2 modules After that you need to install the suphp binary cp src suphp usr sbin suphp chmod 4755 usr sbin suphp mod suphp is hard coded to expect the suphp binary to be installed into usr sbin If you put it anywhere else mod suphp won t be able to run PHP for you To finish download the suphp configuration file from Gentoo s CVS and install it as etc suphp conf Then edit the file updating all the settings to match the values you passed to the configure script Configuring Apache The first thing you need to do to your Apache config files is to comment out mod php mod suphp is a replacement for mod php you cannot run both at the same time Then in your main httpd conf file add the following LoadModule suphp module modules mod suphp so AddType application x httpd php php AddHandler application x httpd php php suPHP Engine On Location SuPHP AddHandler x httpd php Location DirectoryIndex index php index htm index html default htm default html This tells Apache to load mod suphp to associate it with PHP scripts and to look for index php et al when a URL only specifies a folder name instead of a file The final step is to go into each of your virtual hosts and tell mod suphp which user owns the virtual host This will the user and group that PHP will run as VirtualHost www example com SuPHP UserGroup stuart mybusiness VirtualHost Now you re ready to restart Apache and to run some tests to make sure that suphp is up and running Some Benchmarks suphp works the same way as Apache s suexec Every time a PHP script is run suphp has to fork Apache and then execute another copy of the PHP CGI binary This approach provides the absolute security benefits that we seek but is much slower than using mod php To benchmark suphp I used Apache s ab benchmark to load a simple phpinfo page 1 000 times I ran the benchmark five times and averaged the results suphp average of 164 677 seconds mod php average of 6 422 seconds suphp is some 25 times slower than mod php This is a substantial performance hit but it s better than suexec which benchmarked at 36 times slower than mod php I admit to being surprised that suphp performs better than suexec I plan to put all of the alternatives covered here in a head to head article soon Other Considerations One neat feature of suphp is that it can support both PHP 4 and PHP 5 running on the same box at the same time Hopefully you ve already made the move to PHP 5 and you don t need this feature but it s there if you do The same feature can be used to support both PHP 5 and PHP 6 when it s released at the same time Be aware that the last release of suphp was in 2006 There is an active mailing list you can join for community help and support Conclusions suphp is an easy to install easy to configure and easy to maintain alternative to Apache s own suexec If you are running a shared server and the horrific performance penalty doesn t put you off then suphp is well worth looking at instead of using suexec But the question is is there anything better out there something that provides both security and performance In the next article I ll take a look at a third party Apache mod that attempts to answer that This article is part of The Web Platform an on going series of blog posts about the environment that you need to create and nurture to run your web based application in If you have any topics that you d like to see covered in future articles please leave them in the comments on this page 26 comments Using suexec To Secure A Shared Server Posted by Stuart Herbert on December 18th 2007 in The Web Platform The challenge with securing a shared hosting server is how to secure the website from attack both from the outside and from the inside PHP has built in features to help but ultimately it s the wrong place to address the problem So what can Apache do to help It turns out that there are quite a few alternative ways that Apache can help This article will look at what we can do with stock Apache and the next few articles will look at what we can do with some interesting third party Apache modules suexec Running CGI Programs As A Specified User Configuring Apache With PHP CGI Configuring suexec With PHP CGI Configuring suexec For Shared Servers Some Benchmarks Other Considerations Conclusions suexec Running CGI Programs As A Specified User To secure a shared hosting server we want to be able to run PHP as the user who owns that particular website One way to do this with stock Apache is with suexec suexec is a standard Apache module which allows you to run a CGI executable as a specified user and group CGI executables date back to the very early days of the web back when we all had to use Perl to create dynamic websites Although PHP is commonly run as an Apache module it still provides support for CGI Check with your Linux vendor to make sure that you have PHP CGI installed on your box Configuring Apache With PHP CGI The first step for getting suexec working is to configure Apache to run PHP as a CGI executable instead of using mod php Add the following configuration to your httpd conf file ScriptAlias php5 cgi usr bin php cgi Action php5 cgi php5 cgi AddHandler php5 cgi php AddDirectoryIndex index php and add the following line to your virtual host AddHandler php5 cgi php In your httpd conf file or in one of the files that httpd conf includes there will be a Directory entry for the directory on disk where your virtual host is stored Inside that Directory entry there should be an Options line which might look like this Options Indexes FollowSymLinks Add ExecCGI to the end of your Options line Make sure to comment out mod php from Apache Then restart Apache and do some testing to make sure that PHP 5 is working For reference here is the Apache config from my test system ScriptAlias php5 cgi usr bin php cgi Action php5 cgi php5 cgi AddHandler php5 cgi php AddDirectoryIndex index php index phtml VirtualHost 80 DocumentRoot var www localhost htdocs Directory var www localhost htdocs Options Indexes FollowSymLinks ExecCGI AllowOverride All Order allow deny Allow from all Directory AddHandler php5 cgi php VirtualHost Configuring suexec For PHP CGI With Apache now running PHP as a CGI executable we re ready to get Apache running PHP as the owner of each website In your test virtual host add the following SuexecUserGroup stuart users Replace stuart with the user who owns the website and replace users with the group that the user belongs to This sets the privileges that PHP will run as To ensure the security of your server suexec is very particular about what conditions must be met before it will execute your PHP scripting engine A full list of conditions can be found in the Apache docs To make sense of the conditions you ll need to know what settings your copy of suexec has been compiled with Run the command suexec V to find out your system s settings This is the output from my Seed Linux LAMP Server system belal vhosts d suexec V D AP DOC ROOT var www D AP GID MIN 100 D AP HTTPD USER apache D AP LOG EXEC var log apache2 suexec log D AP SAFE PATH usr local bin usr bin bin D AP SUEXEC UMASK 077 D AP UID MIN 1000 D AP USERDIR SUFFIX public html The first condition and one that isn t obvious from the Apache manual is that the PHP CGI executable must be installed under AP DOC ROOT Chances are that it isn t installed there at the moment so go ahead and copy it there mkdir var www localhost cgi bin cp usr bin php cgi var www localhost cgi bin The second condition is that the PHP CGI executable must be owned by the same user and group you listed in the SuexecUserGroup statement earlier This causes problems for shared hosting I ll show you how to fix that later in this article chown stuart users var www localhost cgi bin php cgi Update your Apache httpd conf file to use this copy of PHP ScriptAlias php5 cgi var www localhost cgi bin php cgi Restart Apache and test to make sure that PHP 5 is still working You should also start to see log messages appearing in AP LOG EXEC This is the first place to look if PHP isn t working although the log messages can be a little terse and cryptic For reference here is the Apache config from my test system ScriptAlias php5 cgi var www localhost cgi bin php cgi Action php5 cgi php5 cgi AddHandler php5 cgi php AddDirectoryIndex index php index phtml VirtualHost 80 DocumentRoot var www localhost htdocs Directory var www localhost htdocs Options Indexes FollowSymLinks ExecCGI AllowOverride All Order allow deny Allow from all Directory SuexecUserGroup stuart users AddHandler php5 cgi ph VirtualHost Configuring suexec For Shared Servers I mentioned earlier that there was a problem with using suexec PHP CGI on shared servers the very environment where suexec is needed the most In one of the steps above we created a copy of the PHP CGI executable and changed its ownership on disk to match the ownership of the website chown stuart users var www localhost cgi bin php cgi What happens when we have two websites each owned by a different user Or five or ten or hundreds Apache s suexec will refuse to re use this copy of the PHP CGI executable for each of the websites because it isn t owned by the right user and group Each website needs its own copy of the PHP CGI executable owned by the user and group that owns the website itself We don t want to create hundreds of copies of the actual PHP CGI executable it s a large waste of space and a pain for managing PHP upgrades so instead we can point each website at its own copy of a simple bash script bin bash usr bin php cgi This script simply executes our central copy of the PHP CGI executable passing through whatever parameters Apache has called the bash script with To configure Apache to use this script simply move the ScriptAlias statement from outside the VirtualHost config to inside Some Benchmarks Because Apache is having to execute a new suexec process every page hit and suexec executes a new PHP CGI process every page hit it s going to be slower than running mod php But how much slower To find out I used Apache s ab benchmarking program to load a phpinfo page 1000 times I ran the benchmark five times and averaged out the results suexec average of 127 219 seconds suexec bash script average of 134 836 seconds mod php average of 3 753 seconds suexec on its own is some 34 times slower than using mod php suexec the bash script needed for shared hosting environments is even worse at 36 times slower than using mod php This benchmark doesn t provide the full picture Once you take into account the extra memory used by the suexec method and the extra memory and CPU and process context switches required to transfer output from PHP CGI to Apache to send back to the website s user the final cost of using suexec PHP CGI will be substantially higher Other Considerations Performance isn t the only thing to think about when evaluating suexec PHP CGI suexec PHP CGI does solve the security challenge without requiring your application to support safe mode HTTP authentication is only supported by mod php not PHP CGI If your application relies on this then suexec PHP CGI is not for you Conclusions Apache s suexec mechanism does secure a shared hosting server from attack from within However this is achieved at a heavy performance cost which inevitably will translate into needing lots of extra servers which is expensive So if Apache itself doesn t come with a solution that s worth a damn maybe there are third party solutions out there that can do a better job The next article in the series will take a look at what others have done to try and plug this gap This article is part of The Web Platform an on going series of blog posts about the environment that you need to create and nurture to run your web based application in If you have any topics that you d like to see covered in future articles please leave them in the comments on this page 19 comments PHP s Built In Solutions For Shared Hosting Posted by Stuart Herbert on November 27th 2007 in The Web Platform In my last article I covered the fundamental security problem that exists when you have multiple websites owned by different people on the same box The challenge is to secure the box not just from outside attack something you have to do anyway and which I ll cover later in this series but also to make sure that code running on one website can t steal confidential data like MySQL passwords from any of the other websites This isn t a problem caused by or unique to PHP It has been a problem with websites ever since the original NCSA httpd was released back in the early nineties with the ability to run Perl scripts via the CGI interface Over fifteen years later NCSA httpd has given way to Apache and Perl has given way to mod php but the problem is still the same On Windows the problem is a little different because Windows handles process permissions differently I ll look at that in a later article PHP 4 5 ship with two features which were designed to tackle this issue safe mode and open basedir Introducing safe mode Safe mode is an optional PHP feature aimed at restricting which files any PHP script can access It works like this When your PHP script is executed PHP makes a note of which user owns your PHP script On a shared hosting server this will be your user account the account you log into to FTP files up to the server Whilst your PHP script is running if your script wants to access any other files PHP checks to see who owns those files first If the file isn t owned by the same user who owns the running script PHP refuses to open the file Sounds like a great solution to the problem Your PHP script can open your files which is what you want but it cannot open the files of any of the other customers on the box So how do we switch it on Configuring safe mode To switch on safe mode set safe mode 1 in your php ini file and restart Apache Then test your website and make sure it still works If you have PEAR or a n other PHP libraries installed in a central location on your server and listed in the include dir setting you should also add this location to safe mode include dir as well This tells PHP to skip the owning user test when accessing the PEAR libraries There are also other things you can configure right down to enabling disabling specific PHP functions and classes Full details as always are in the excellent PHP Manual I won t be going into them in any detail in this article The Problems With safe mode Alas if it sounds too good to be true then all too often it is Any moderately complicated PHP application will create files on the server The obvious example is uploaded images to a blog but it s just as likely to be cache files for RSS feeds or to reduce database overhead or a friendly web based installer like the one that comes with WordPress When your script creates these files the files on disk will be owned by Apache not by your user account Remember Apache doesn t run with your user account s privileges it runs as its own user With safe mode enabled PHP can t read any of the files created by Apache To use safe mode your PHP script can never ever write brand new files to disk It can write out existing files that you own You ll have to store all of your data in the database which isn t always convenient or the fastest solution It s also theoretically possible to get around safe mode safe mode is a PHP feature not a security policy enforced by the underlying operating system A PHP extension one written in C not in PHP could ignore safe mode and just open any files that it chooses and that Apache can see The PHP developers audit the official PHP extensions to make sure none of them can be abused like this but when it comes to third party extensions you

    Original URL path: http://blog.stuartherbert.com/php/category/the-web-platform/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP - » Using suexec To Secure A Shared Server
    running mod php But how much slower To find out I used Apache s ab benchmarking program to load a phpinfo page 1000 times I ran the benchmark five times and averaged out the results suexec average of 127 219 seconds suexec bash script average of 134 836 seconds mod php average of 3 753 seconds suexec on its own is some 34 times slower than using mod php suexec the bash script needed for shared hosting environments is even worse at 36 times slower than using mod php This benchmark doesn t provide the full picture Once you take into account the extra memory used by the suexec method and the extra memory and CPU and process context switches required to transfer output from PHP CGI to Apache to send back to the website s user the final cost of using suexec PHP CGI will be substantially higher Other Considerations Performance isn t the only thing to think about when evaluating suexec PHP CGI suexec PHP CGI does solve the security challenge without requiring your application to support safe mode HTTP authentication is only supported by mod php not PHP CGI If your application relies on this then suexec PHP CGI is not for you Conclusions Apache s suexec mechanism does secure a shared hosting server from attack from within However this is achieved at a heavy performance cost which inevitably will translate into needing lots of extra servers which is expensive So if Apache itself doesn t come with a solution that s worth a damn maybe there are third party solutions out there that can do a better job The next article in the series will take a look at what others have done to try and plug this gap This article is part of The Web Platform an on going series of blog posts about the environment that you need to create and nurture to run your web based application in If you have any topics that you d like to see covered in future articles please leave them in the comments on this page About The Author Stuart has been writing PHP applications since 2003 and has been contributing to open source software since 1994 He was an early writer for php architect a co author of the Official Zend Certification Study Guide for PHP 4 and a regular speaker at conferences and user groups since 2004 When he s not designing software Stuart loves to explore the world through a camera lens spend time with his beloved guitars and continue his study to T ai Chi Chu an Taijiquan 19 Comments sapphirecat says December 18th 2007 at 1 24 pm Is it more efficient to use exec so the shell doesn t fork wait on php cgi I m curious what the benchmark result is if you change the bash script like so exec usr bin php cgi It also seems fairly trivial to write a small C program to do this you d

    Original URL path: http://blog.stuartherbert.com/php/2007/12/18/using-suexec-to-secure-a-shared-server/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP - » Using suphp To Secure A Shared Server
    mod that attempts to answer that This article is part of The Web Platform an on going series of blog posts about the environment that you need to create and nurture to run your web based application in If you have any topics that you d like to see covered in future articles please leave them in the comments on this page About The Author Stuart has been writing PHP applications since 2003 and has been contributing to open source software since 1994 He was an early writer for php architect a co author of the Official Zend Certification Study Guide for PHP 4 and a regular speaker at conferences and user groups since 2004 When he s not designing software Stuart loves to explore the world through a camera lens spend time with his beloved guitars and continue his study to T ai Chi Chu an Taijiquan 26 Comments Jan Schneider says January 18th 2008 at 9 39 am I don t think the benchmarks you run give a good impression about the performance impact phpinfo isn t really an expensive operation I expect the PHP initialization taking most of the time in your tests and that s of course more expensive with suexec or suphp With some real world application benchmarks I would expect the difference becoming smaller It s probably still a magnitude and the additional CPU and memory resources can t be denied But the tradeoff that admins have to consider when implementing such a protection is much different whether your users script run 25 35 times slower compared to say 5 10 times I don t know if the difference would really get that small but I would really be interested in benchmarks better matching real world applications Mats Lindh says January 18th 2008 at 10 53 am I would also recommend checking out apache2 mpm itk which is available through debian repositories and as a source code patch at http mpm itk sesse net This patch also allows you to run different virtualhosts as different users and does not limit itself to only PHP Stu says January 18th 2008 at 12 53 pm Jan That s a fair point Once I ve finished reviewing the main options for shared hosting I ll put together a better set of benchmarks as a head to head article Mats I m planning to look at mpm peruser next and then mpm itk in the article after that ITK is interesting from a performance point of view but the security problems it brings need careful consideration developercast com Stuart Herbert s Blog Using suphp To Secure A Shared Server says January 18th 2008 at 2 56 pm Herbert has posted about a very helpful method server admins can use out there to not only help secure their server but Lee says January 20th 2008 at 2 06 am I ve tried using suphp and suexec in the past with Apache and after all the performance problems I decided to my to the Lite Speed web server It gives me the performance and security I want for a very reasonable cost Using mpm peruser To Secure A Shared Server Stuart Herbert On PHP says March 20th 2008 at 5 35 pm fast as mpm prefork the traditional way of running mod php in this simplistic test and it leaves suphp and suexec trailing in the Noel says April 5th 2008 at 3 54 pm Have you also considered options like FastCGI in combination with mod fcgid for example Stuart Herbert says April 5th 2008 at 5 42 pm Lee There hasn t been much interest in LiteSpeed when I ve asked for feedback to be honest But I will look at it Thanks Noel I haven t considered FastCGI so far The problem I perceive with FastCGI is that it s designed to have persistent CGI processes running between page views If you have hundreds or more sites on a single server you ll need a lot of extra RAM to keep the FastCGI processes running all the time I will look at it though I think it would be good to try and cover as many options as possible even if only to rule them out so that the advice is comprehensive alfeze says April 12th 2008 at 8 00 pm this was a very well written article thank you I have been contemplating for some time and will be going with suphp however I wanted to know the effects it would have on my current customers is it seamless transition or will clients be effected cheers Stuart Herbert On PHP Using mpm itk To Secure A Shared Server says April 19th 2008 at 1 01 pm benchmarks much better than suexec and suphp but is still quite a bit slower than Phill Brown says July 9th 2008 at 3 59 pm Are there any disadvantages to suPHP compared to suExec other than performance difference Stuart Cheers Phill Fwolf s Blog Blog Archive php Fwolf s Blog says July 13th 2008 at 10 47 am Using suphp To Secure A Shared Server Run PHP scripts with different users on the same server PHP Impact str Blog says August 10th 2008 at 8 11 pm Herbert wrote a nice article explaining how to secure a shared server using suPHP The challenge with securing a shared hosting geetha says August 27th 2008 at 5 31 am I think so suPHP might be little slower tham mod php Stuart Herbert On PHP Can You Secure A Shared Server With PHP FastCGI says December 7th 2008 at 4 51 pm The belief is that using FastCGI will overcome the performance issues of Apache s suexec or mod suphp because FastCGI processes persist between page Perry says January 12th 2009 at 9 10 am Keep in mind if you transition to suPHP on production systems you ll want to remove all old session data which will be owned by the previous owner of

    Original URL path: http://blog.stuartherbert.com/php/2008/01/18/using-suphp-to-secure-a-shared-server/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP - » 40 Firefox Extensions Every Web Developer Should Check Out
    machine I ve not seen too many crashes either Otaku says June 16th 2008 at 2 40 pm I really like Add N Edit Cookies Otaku says June 16th 2008 at 2 40 pm I really like Add N Edit Cookies Lista di trucchetti CSS Melodycode com Life is a flash says June 16th 2008 at 2 51 pm Se volete un overdose di plugin per Firefox leggetevi 40 Firefox Extensions Every Web Developer Should Check Out anche se poi come sappiamo tutti quelli più utili sono 5 6 PS2 Lo so non centrava Lista di trucchetti CSS Melodycode com Life is a flash says June 16th 2008 at 2 51 pm Se volete un overdose di plugin per Firefox leggetevi 40 Firefox Extensions Every Web Developer Should Check Out anche se poi come sappiamo tutti quelli più utili sono 5 6 PS2 Lo so non centrava s says June 16th 2008 at 8 33 pm Firefox 3 comes out tomorrow I hope many of these extensions get updated s says June 16th 2008 at 8 33 pm Firefox 3 comes out tomorrow I hope many of these extensions get updated Brutuscat says June 16th 2008 at 8 49 pm Nice list One I use a lot is Cookiepie www nektra com oss firefox extensions cookiepie seems to be missed here Is really useful to log in into multiple accounts in a same site like Gmail and others Cheers Brutuscat says June 16th 2008 at 8 49 pm Nice list One I use a lot is Cookiepie www nektra com oss firefox extensions cookiepie seems to be missed here Is really useful to log in into multiple accounts in a same site like Gmail and others Cheers links for 2008 06 17 Mandarine says June 17th 2008 at 4 35 am 40 Firefox Extensions Every Web Developer Should Check Out tags webdev webdesign list firefox extensions tools links for 2008 06 17 Mandarine says June 17th 2008 at 4 35 am 40 Firefox Extensions Every Web Developer Should Check Out tags webdev webdesign list firefox extensions tools jaredmellentine says June 17th 2008 at 4 40 am I haven t found a better cookie plugin than Firecookie It s a plugin for Firebug https addons mozilla org en US firefox addon 6683 jaredmellentine says June 17th 2008 at 4 40 am I haven t found a better cookie plugin than Firecookie It s a plugin for Firebug https addons mozilla org en US firefox addon 6683 Taking full web page screenshots Update MrGierer s World says June 17th 2008 at 7 46 am stumbled across this extension in Stuart Herberts blog post about 40 Firefox extension for web developers which contains many interesting extensions some of them have been mentioned here Taking full web page screenshots Update MrGierer s World says June 17th 2008 at 7 46 am stumbled across this extension in Stuart Herberts blog post about 40 Firefox extension for web developers which contains many interesting extensions some of

    Original URL path: http://blog.stuartherbert.com/php/2008/06/16/40-firefox-extensions-every-web-developer-should-check-out/ (2016-05-02)
    Open archived version from archive

  • Stuart on PHP - » Review: Mastering phpMyAdmin 2.11 for Effective MySQL Management
    find a bit long in the tooth About The Book Marc s book is aimed both at folks new to MySQL and phpMyAdmin as well as experienced developers such as myself who aren t aware of the advanced features that have been added over the years The full chapter list is Introducing phpMyAdmin Installing phpMyAdmin Interface Overview First Steps Changing Data Changing Table Structures Exporting Structure and Data Importing Structure and Data Searching Data Table and Database Operations The Relational System Entering SQL Commands The Multi Table Query Generator Bookmarks System Documentation MIME Based Transformations Character Sets and Collations MySQL 5 0 Features MySQL Server Administration Troubleshooting and Support The first ten chapters cover the basics of using phpMyAdmin If you re new to phpMyAdmin these chapters will be very helpful to you and if you ve been using phpMyAdmin for years there s still little bits in here that you might not have been aware of before now I particularly like the way that these chapters often refer back to the configuration settings in phpMyAdmin s config file However towards the end of this section the material starts to feel a bit rushed as if the author himself can t wait to get onto the clever features of phpMyAdmin that have yet to come If you re completely new to MySQL you might find the end of this section to be a little light on detail I hope the next edition of this book beefs these chapters up a bit Like most people I know my use of phpMyAdmin over the years has tended to stick with the basics creating and browsing tables I confess it s partly because I ve found the phpMyAdmin UI to be more and more clunky as time has gone by a throwback to the days before Google showed us just what could be done with Javascript and AJAX So the second half of the book which looks at the more advanced features of phpMyAdmin were ones I found very educational I had no idea for example that phpMyAdmin now includes an AJAX based Designer tool or that I can use phpMyAdmin to generate PDF documentation of my databases I found these chapters to be very detailed and informative although again towards the end of the second half of the book the chapters began to feel a little rushed in places to me Conclusion I have several new starters joining my team in June and it ll be interesting to see whether or not they find the book useful as they find their feet in their first job doing PHP web development One thing s for sure I ll have no hesitation in leaving this book out for them to read About The Author Stuart has been writing PHP applications since 2003 and has been contributing to open source software since 1994 He was an early writer for php architect a co author of the Official Zend Certification Study Guide for PHP 4 and

    Original URL path: http://blog.stuartherbert.com/php/2008/05/06/review-mastering-phpmyadmin-211-for-effective-mysql-management/ (2016-05-02)
    Open archived version from archive



  •