PowerPoint Presentation: 1 PHP at Yahoo !
Outline: 2 Outline Yahoo!, as seen by an engineer Choosing PHP in 2002 PHP architecture at Yahoo!
The Internet’s most trafficked site: 3 The Internet’s most trafficked site
25 countries, 13 languages: 4 25 countries, 13 languages
Yahoo! by the Numbers: 5 Yahoo! by the Numbers 411M unique visitors per month 191M active registered users 11.4M fee-paying customers 3.4B average daily pageviews October 2005
PowerPoint Presentation: 6
Engineering Values: 7 Engineering Values Security & Privacy We must protect our customers’ information High Availability If the site is offline, we’re missing the opportunity to serve our customers Performance We serve billions of pageviews a day Flexibility & Innovation Customize site for each market Rapid development of new features
From Proprietary to Open Source: 8 From Proprietary to Open Source 94 95 96 97 98 99 00 01 02 03 04 05 Web Server Apache “Filo Server” Web Lang yScript DB Flat Files
Choosing a Language: 9 Choosing a Language How and Why We Selected PHP
Choosing PHP: brief history: 10 Choosing PHP: brief history October 2001: 3 proprietary languages Costly to continue to maintain each Limited features (no subroutines!) Committee began researching Compare features, performance Build vs. Buy vs. Open Source PHP selected May 2002
Ideal Language Criteria: 11 Ideal Language Criteria High performance Robust, sand-boxed Language features Loops, conditionals Complex data-types C/C++ extensions Runs on FreeBSD Interpreted or dynamically compiled i18n support Clean separation of presentation/content/app semantics Low training costs Doesn’t require CS degree to use
Top 10 Language Choices: 12 Top 10 Language Choices mod_include XSLT yScript
Performance: Requests: 13 Performance: Requests mod_perl yScript
Performance: Memory: 14 Performance: Memory mod_perl yScript
Why we picked PHP: 15 Why we picked PHP Designed for web scripting High performance Large, Open Source community Documentation, easy to hire developers “Code-in-HTML” paradigm <html> <?php echo "Hello World" ; ?> </html> Integration, libraries, extensibility Tools: IDE, debugger, profiler
PHP at Yahoo! Today: 16 PHP at Yahoo! Today
Yahoo!’s Development Methodology: 17 Yahoo!’s Development Methodology Server Architecture File Layout Dependency Management Security Performance Globalization
Server Architecture: 18 User Profile Server web server Server Architecture web server Web Server Scripts Load Balancer Ad Server Web Services Apache
File Layout: 19 File Layout HTML Templates /usr/local/share/htdocs/*.php Template Helpers /usr/local/share/htdocs/*.inc Business Logic /usr/local/share/pear/*.inc C/C++ Core Code Data access, Networking, Crypto 50% HTML 50% PHP 0% HTML 100% PHP 0% HTML 0% PHP 95% HTML 5% PHP
Dependency Management: 20 Dependency Management Base PHP package depends only on XML parser ./configure --disable-all Self-Contained Extensions mysql, dba, curl, ldap, pcre, gd, iconv To enable Install /usr/local/lib/php/20020429/mysql.so Add “ extension = mysql.so ” to php.ini Avoids unnecessary dependencies Smaller Apache memory footprint
Security: INI Settings: 21 Security: INI Settings open_basedir Insurance against /etc/passwd exploits allow_url_fopen = Off Use libcurl extension instead Avoid open proxy exploits display_errors = Off However, log_errors = On safe_mode = Off Intended for shared hosting environment
Security: Input Filtering: 22 Security: Input Filtering http://search.yahoo.com/search?p=<script+src=http://evil.com/x.js> Cross Site Scripting (XSS) most common attack Also “SQL Injection” Normal approach strip_tags() mysqli_escape_string() Examine every line code Tedious and error-prone Use input_filter hook Sanitize all user-submitted data GET/POST/Cookie
Performance: Opcode Caches: 23 Performance: Opcode Caches Easiest performance boost Cache parsed .php scripts in shared memory Optimizations No code modifications! Several products available Zend Performance Suite APC Turck MMCache
Performance: PHP Extensions in C++: 24 Performance: PHP Extensions in C++ PHP ships with 80 extensions written in C/C++ Yahoo! develops its own proprietary extensions Fast execution speed Access to client libraries Longer development cycle Edit, compile, link, debug Manual memory-management
Globalization: PHP Unicode: 25 Globalization: PHP Unicode Native Unicode support in 2006 Collaborative effort Andrei Zmievski (Yahoo!) Andi Gutmans (Zend) Many members of PHP Community + + ICU = 6
Source : Yahoo: Source : Yahoo 26