This is something I am trying to grasp my head around.
Okay, so Apache simply servers files on a web server to clients. I fully understand that. But then if you install PHP, suddenly PHP code will be interpreted before those files are served by Apache. Then you install MySQL, and all of a sudden PHP can work directly with MySQL.
What is really done in the installation process that allows these three things to work so closely together? If Apache and PHP are separate programs, then how do they both work together on serving files?
Nothing happens suddenly.
TO have PHP work with Apache on Windows, you need to add the following lines in httpd.conf:
LoadModule php5_module "c:\php\php5apache2_2.dll"
PHPIniDir 'c:\php'
AddHandler application/x-httpd-php .php
(This is just referring to my settings) and then restart Apache to start serving PHP requests.
PHP comes with Mysql extension to handle MySQL requests. These days we have PDO/Mysqli extension to (a) avoid SQL injection (b) handle requests more efficiently. However as i mentioned above nothing happens automatically, you have to uncomment following lines in php.ini to make any of these extensions work for you:
extension=php_mysqli.dll
extension=php_pdo_mysql.dll
(Again referring to my php.ini on windows).
Hope that helps.
Thanks
PHP is a server side programming language that handles HTTP requests. It is fully featured and offers alot of helpful functions. Try some tutorials and you'll quickly be ready to use it.
HTTP requests are:
GET - which allows you to read data from your where you are storing data. This is done commonly with a database(MySQL) query
POST - For posting user data, commonly from HTML forms. PHP allows you to access this global variable $_POST['example'] and store it in the data.
PHP basically allows you to Create, Read, Update, Destroy (CRUD) with Databases.
What is really done in the installation process that allows these three things to work so closely together? If Apache and PHP are separate programs, then how do they both work together on serving files?
They work together because you allow them to. In your php script you must connect to a sql database before you are able to use that database. look up "mysqli_connect()" in php documentation. HTML pages call PHP scripts usually through a user input form. So that on submit you add to a database. But they must be on the same server and domain! the same locality of all programming still applies.
Related
I do write my htaccess-file by PHP and now I have read, that this is a scurity issue, because the htaccess-file's owner is www-data, when the file is created via PHP.
I also create a config.php which contains the mysql-creditentials.. this is also www-data then..
my question is, is this really a security-issue? how could this be exploited?
If .htaccess is writable by PHP, as it is purposefully in your case, that means if anyone is able to leverage any security problem in your PHP code they may be able to write to the .htaccess file, which might give them even more leverage to execute more arbitrary code.
For instance, some vulnerable file-uploading PHP code is tricked into writing an .htaccess file which configures Apache to execute .jpg files as PHP; and then another uploaded JPG file which actually contains PHP code is saved into the webroot folder where it can now be executed as PHP code. Et voilĂ , arbitrary PHP code execution.
Another nice scenario would be a rewrite rule turning your server into a reverse proxy forwarding requests to some other server and lending a hand in some DDoS attack against a 3rd party.
The point is that your web server wields a lot of power with its configuration, and .htaccess files allow you to change that configuration, and allowing PHP to change .htaccess files moves that power and the responsibility to use that power correctly into PHP. Which means you now need to be 100% certain that there are no exploitable bugs in your PHP code which could lead to somebody abusing that power.
It's always better to segregate powers and give individual pieces as little power as possible. There are probably much better approaches for whatever you're trying to do there that do not require dynamic reconfiguration of your web server by programmatically generating .htaccess files.
Im just done with a cakephp website, but im still in a doubt on what are the things that I must take care of, before making this website live.
Since it is a big application that require users to Register and Login and to manage their accounts. Any sort of help is appreciated.
Thanx.
There is a section in the CakePHP book answering directly that:
http://book.cakephp.org/2.0/en/deployment.html
Harden instillation, set production mode if you are using different SQL services, disable php error reporting, enable caching, disable and remove all client side debugging like DebugKit, make sure any comments in your html will not give hackers an advantage like printing variables.
Php frameworks can be resource hogs. I think the last but most important is to test server with some generated traffic. There are services that can do this for you. You may need to separate resources or set up an additional server for SQL if you expect a lot of traffic.
There may be a couple other things you might want to do.. Just browse your core.php and bootstrap.php. Make sure everything is working is correctly for production environment.
Here are some common but important things to be taken care of before making cake website live.
Check for read/write permissions on desired folders.
Check for images,js files and css files you need on your website .
Check for writable temp folder and clear cache.
Set debug level to 0.
Make sure database connectivity works fine.
I want to create a dynamic website that does not support IIS. The area where I work does not allow anything to be installed in the server. The have a windows based server and I would like to create a dynamic website. IIS not allowed and server side languages like asp.net, php are not allowed. They did not say anything about client side. Is it possible to do?
In short, a general answer to your question Is it possible? would be No, it's not. And if you still find a way, it's not going to be worth the effort.
For one thing, even without programming languages like ASP.NET or PHP, you still need a web server such as IIS to serve static content. There are of course alternatives to IIS specifically, but no web server at all means no serving web sites at all.
If you would be given an opportunity to server static content, you could possibly produce a web site that is dynamic at least on a per visit basis using client side scripting and cookies, but the things you could make that site do would be very limited, and without anything other than serving static content there is no saving things between sessions, or in any way affecting the server side of the application.
You have to ask yourself why you need to serve this website. Is this something your company would benefit from? If so, could you convince the IT department to setup an environment to serve it? Are there any other alternatives? And, perhaps the most important one: there are lots of free or almost free web hosting solutions out there. Why not just use one of them?
There are many excellent reasons why you would want to create a dynamic website without using a web server. Here are a couple:
You are creating a website as a means of presenting a dataset with hyperlinks that you want to be able to archive on read-only media and ignore for 10 years or more (as you can do with books), and still be able to read (IIS is very poor at backwards compatibility).
You need to present your data to people who have no access to servers or the internet and have no idea how to turn their PC into a web server (there are many millions of such people in the developing world)
Yes, it's challenging, but if you want something to be readable by anyone, anywhere, anytime, and all you can count on are web browsers, there's no option.
By saying you want to do it without IIS, I'm assuming you're implying Apache as well (since you reference no server-side languages).
It depends what you mean by 'dynamic'. Essentially you'll be limited to
JavasScript, which means that you can manipulate information and elements already on the page.
iFrames - this would let you load external pages into elements and pages on the page. These could be dynamic, and if they were on the same server you could manipulate it as well. If it was from an external server, then you wouldn't have control over it from that page.
If you are able to set up an HTTP proxy, you can use JavaScript together with a service like CouchOne. You will need the proxy, since browsers restrict AJAX calls.
I need to write a script that insert 1-million records of username or emails by crawling the web, into database.
The script may be any types like python,ruby,php etc.
Please let me know is it possible ?if possible please provide the information how can I build the script.
Thanks
You should also look at Apache Nutch and Apache Gora which would do what you're looking for. Nutch does the actual crawling which Gora stores the results in Cassandra, Hive or MySQL
Its possible may take some time though depending on your machine's performance and your internet connection.You could use PHP's cURL library to automatically send Web requests and then you could easily parse the data using a library for example :simplHtmlDOM or using native PHP DOM. But beware of running out of memory, also I highly recommend running the script from shell rather than a web browser. Also consider using multi curl functions, to fasten the process.
This is extreamly easy and fast to implement, although multi-threading would give a huge performance boost in this scenario, so I suggest using one of the other languages you proposed. I know you could do this in Java easily using Apache HttpClient library and manipulate the DOM and extract data using native x-path support, regex or use one of the many third party dom implementations in Java.
I strongly recommend also checking out Java library HtmlUnit, where it could make your life much easier, but you could maybe take a performance hit for that. A good multi-threading implementation would give a huge performance boost but a bad one could make your program run worse.
Here is some resources for python:
http://docs.python.org/library/httplib.html
http://www.boddie.org.uk/python/HTML.html
http://www.tutorialspoint.com/python/python_multithreading.htm
I would add a little on crawl side.
you said crawl the web. So here the crawling direction (i.e. after fetching a page, which link to visit next becomes very important). But if you already have a list of webpages (called seed URLs list) with you then you simply need to download them and parse out reqd. data. If you just need to parse email addresses, then regex would be your option. Because html does not have any tag for emails, then htmldom parser wouldnt help you.
I Need to set-up a server which can host a Haskell generated website. If I use PHP I can host it on a Apache sever. Likewise if I create a Haskell thing what are the suitable webservers I can use? I have tried several but most of then ended with an error. Please give me some details to set-up a Haskell running webserver.
Main need is to create a dynamic website which based on Haskell programming language.
I'd take a look at Yesod or the Snap Framework
There's more discussion on the pros and cons of each on a recent Reddit question.
Generally haskell isn't served through an Apache module. You either set up a cgi or fcgi executable, and then use apache, nginix, etc. to call that, or you use a framework like snap or happstack that provides its own server. You then don't need apache, nginix, or whatever else unless you want to use it as a proxy (to provide https, for example).
For reference, see the web category at the Haskell wiki: http://www.haskell.org/haskellwiki/Web
Edit: for just running hsp, the hsp-cgi package works: http://hackage.haskell.org/package/hsp-cgi
And for a more robust way to run hsp (not involving launching the cgi executable on each request, allowing for more persistent state therefore, etc.) then happstack is your best bet, I think, since it has hsp integration built in.
You should be able to tell the Apache how to process haskell files in just the same way Apache passes php-files to the PHP interpreter. So, think of a file extension of your haskell files, then see the Apache documentation on filters/file-endings to tell it that such files should be passed through your favorite Haskell interpreter.