security - Using the PHP built-in server in production -

-

I was recently curious about PHP 5.4's built-in webserver. On the surface it seems that, however, with enough work, it may be possible to distribute PHP applications which are traditionally dependent on a different web server, such as WordPress, the form of standalone scripts In that, you can only php -S localhost: 80 ap.php (or, more likely, '. Wordpress.sh' ). They can also ship from their own PHP interpreter, which requires application for all needs, which will repeat the need to target many different versions of the language.

It is searching the wheel to some extent again, but it certainly reduces the increase in portability and complexity for the end user.

However, I looked at the following:

This web server was designed for application development support. It can also be useful for testing purposes or for applications running in controlled displays. It is not intended to be a full-featured web server, it should not be used on any public network.

This will clearly refer to issues like proper file system security and will serve the correct HTTP headers, which can be worked through it. However, what's more for this? Is there a built-in security concern and / or technical limitations with the built-in web server of PHP, in the production environment that can not be used around? If so, what are they?

I can think of a lot of operational issues, why do not you want

  • Threshing
  • Capability (not tested, but I'm assuming that NGN is faster than PHP's built-in non-optimized server)
  • Whatever you have There is also something, it enhances Enigenx, Apache, and IIS (things like new residues).

    However, there is a solution where you take the most out of running PHP with your web-in web server, while the benefits of running the web server are most of the benefits. That is, you can use a server like NGNX as a reverse proxy on PHP's underlying web server. In this situation, HTTP becomes a replacement for FastcGI, according to the general use of the built-in HTTP server in Node.js applications.

    Now, I can not talk to the special of the warning. As a documentation I am not a PHP writer if it were mine, then I will not run PHP for the next reasons, but I Maybe consider it to run like NGN on the back of the real web server. Although for me, setting up a PHP with PHP-FPM is not difficult, and I guess about the deepest accessibility of the built-in server which is documented only for testing.

    • Comments

    Post a Comment

    Popular posts from this blog

    php - PDO bindParam() fatal error -

    -
    I am trying to learn PDO, now I have written this small code, but it gives me a serious error: < P> Fatal error: Call a member function at a non-object dot () ... $ con = new mysqli ("127.0.0.1", "root", "", "csvdangercheck"); $ Query = $ con- & gt; ("Id,` var1`, `var2`) values ​​(" id,: var1,: var2) ";); $ query- & gt; bypass pattern (': id', $ id); $ query- & gt; BindParam (': var1', $ VAL1); $ Query- & gt; bindParam (': var2', $ val2); $ Query-> Executed (); I Trying to use print_r ($ con-> errorInfo ()) but Fatal error: Undefined method mysqli :: errorInfo ( ) ... can someone tell me what am I missing? Flaffeh said, you have PDO Missing Mysqy, try it: $ con = new PDO ('mysql: host = 127.0.0.1; dbname = csvdangercheck', 'root', '');
    Read more

    logging - How can I log both the Request.InputStream and Response.OutputStream traffic in my ASP.NET MVC3 Application for specific Actions? -

    -
    For a specific set of tasks, I need to log in to the incoming request inputstream as well as outgoing response. is. I am using an ActionFilterAttribute for this and overriding the OnActionExecuted and OnResultExecuted methods. So I'm starting with this idea ... Public category ActionLoggerAttribute: ActionFilterArrbit {Public Override Zero On-Offed Execution (ActionActioned Contact Filter Filter) {base.OnActionAxecuted (FilterContext); HttpRequestBase request = filterContext.HttpContext.Request; // TODO: Log the request. InputStream} Public Override Zero OnResultExecuted (ResultExecutedContext FilterContext) {base.OnResultExecuted (filterContext); HTTPRPSPointBase Response = FilterContacts Hpptex response; // TODO: Log on Response.OutputStream}} Ideally I'll hook it up with enterprise library logging because I'm already using it for error logging. Am I reaching the input and output stream at the right time? Can I easily use the Enterprise Library to log i
    Read more

    java - Why my included JSP file won't get processed correctly? -

    -
    I am trying to create Java web framework (and learning), and on the basis of 'Code Generator In the process of making the material view of the database in the process of development, I stumbled into a difficulty, which I do not know how to solve it. First of all, I want the following index.jsp : & lt; Body & gt; Use all pages to be created. & Lt;% @ include file = "header.jsp"% & gt; & Lt; Hours / & gt; & Lt;% @ included file = "body.jsp"%> & Lt; Hours / & gt; & Lt;% @ include file = "footer.jsp"% & gt; & Lt; / Body & gt; And, in body.jsp , I should have it like this: & lt; Jsp: include page = "$ {Application_modul}"%> Where application_modul is an attribute defined in its controller: request.setAttribute ("application_modul", "USER_ACCOUNT \\ ' View_user_account.jsp "); This file can be found properly, but the processed JSP does
    Read more