November 24, 2009

Denial of Service in PHP

It was about time that the PHP team finally included a max_file_uploads directive to limit the number of file uploads per request (the default is 20; cf. http://www.php.net/ChangeLog-5.php#5.3.1). Until PHP 5.3.1, it was possible to send any number X of file uploads, thus creating X temporary files on the targeted system, which would cause the web server to crash and the system to overload. PHP-suhosin already has a max upload option “suhosin. ...

October 6, 2008

10 tips to optimize your PHP code

If you have to choose between print and echo, use echo (echo is known to be faster than print). When doing string searches or actions, do not simply jump to regex; first have a look at PHP's string functions such as strpbrk, stripos, etc. Display smart error messages: a lot of young developers like to display a custom error or show system errors whenever something breaks. Although it is good practice to alert the user to any error, keep in mind that printing errors costs a lot in resources. ...