Yahoo

Views:
 
Category: Education
     
 

Presentation Description

No description available.

Comments

Presentation Transcript

PowerPoint Presentation:

1 PHP at Yahoo !

Outline:

2 Outline Yahoo!, as seen by an engineer Choosing PHP in 2002 PHP architecture at Yahoo!

The Internet’s most trafficked site:

3 The Internet’s most trafficked site

25 countries, 13 languages:

4 25 countries, 13 languages

Yahoo! by the Numbers:

5 Yahoo! by the Numbers 411M unique visitors per month 191M active registered users 11.4M fee-paying customers 3.4B average daily pageviews October 2005

PowerPoint Presentation:

6

Engineering Values:

7 Engineering Values Security & Privacy We must protect our customers’ information High Availability If the site is offline, we’re missing the opportunity to serve our customers Performance We serve billions of pageviews a day Flexibility & Innovation Customize site for each market Rapid development of new features

From Proprietary to Open Source:

8 From Proprietary to Open Source 94 95 96 97 98 99 00 01 02 03 04 05 Web Server Apache “Filo Server” Web Lang yScript DB Flat Files

Choosing a Language:

9 Choosing a Language How and Why We Selected PHP

Choosing PHP: brief history:

10 Choosing PHP: brief history October 2001: 3 proprietary languages Costly to continue to maintain each Limited features (no subroutines!) Committee began researching Compare features, performance Build vs. Buy vs. Open Source PHP selected May 2002

Ideal Language Criteria:

11 Ideal Language Criteria High performance Robust, sand-boxed Language features Loops, conditionals Complex data-types C/C++ extensions Runs on FreeBSD Interpreted or dynamically compiled i18n support Clean separation of presentation/content/app semantics Low training costs Doesn’t require CS degree to use

Top 10 Language Choices:

12 Top 10 Language Choices mod_include XSLT yScript

Performance: Requests:

13 Performance: Requests mod_perl yScript

Performance: Memory:

14 Performance: Memory mod_perl yScript

Why we picked PHP:

15 Why we picked PHP Designed for web scripting High performance Large, Open Source community Documentation, easy to hire developers “Code-in-HTML” paradigm <html> <?php echo "Hello World" ; ?> </html> Integration, libraries, extensibility Tools: IDE, debugger, profiler

PHP at Yahoo! Today:

16 PHP at Yahoo! Today

Yahoo!’s Development Methodology:

17 Yahoo!’s Development Methodology Server Architecture File Layout Dependency Management Security Performance Globalization

Server Architecture:

18 User Profile Server web server Server Architecture web server Web Server Scripts Load Balancer Ad Server Web Services Apache

File Layout:

19 File Layout HTML Templates /usr/local/share/htdocs/*.php Template Helpers /usr/local/share/htdocs/*.inc Business Logic /usr/local/share/pear/*.inc C/C++ Core Code Data access, Networking, Crypto 50% HTML 50% PHP 0% HTML 100% PHP 0% HTML 0% PHP 95% HTML 5% PHP

Dependency Management:

20 Dependency Management Base PHP package depends only on XML parser ./configure --disable-all Self-Contained Extensions mysql, dba, curl, ldap, pcre, gd, iconv To enable Install /usr/local/lib/php/20020429/mysql.so Add “ extension = mysql.so ” to php.ini Avoids unnecessary dependencies Smaller Apache memory footprint

Security: INI Settings:

21 Security: INI Settings open_basedir Insurance against /etc/passwd exploits allow_url_fopen = Off Use libcurl extension instead Avoid open proxy exploits display_errors = Off However, log_errors = On safe_mode = Off Intended for shared hosting environment

Security: Input Filtering:

22 Security: Input Filtering http://search.yahoo.com/search?p=<script+src=http://evil.com/x.js> Cross Site Scripting (XSS) most common attack Also “SQL Injection” Normal approach strip_tags() mysqli_escape_string() Examine every line code Tedious and error-prone Use input_filter hook Sanitize all user-submitted data GET/POST/Cookie

Performance: Opcode Caches:

23 Performance: Opcode Caches Easiest performance boost Cache parsed .php scripts in shared memory Optimizations No code modifications! Several products available Zend Performance Suite APC Turck MMCache

Performance: PHP Extensions in C++:

24 Performance: PHP Extensions in C++ PHP ships with 80 extensions written in C/C++ Yahoo! develops its own proprietary extensions Fast execution speed Access to client libraries Longer development cycle Edit, compile, link, debug Manual memory-management

Globalization: PHP Unicode:

25 Globalization: PHP Unicode Native Unicode support in 2006 Collaborative effort Andrei Zmievski (Yahoo!) Andi Gutmans (Zend) Many members of PHP Community + + ICU = 6

Source : Yahoo:

Source : Yahoo 26

authorStream Live Help