7. Nov. 2008

Working with LAMP (Linux, Apache, MySQL and PHP) Applications we sooner or later do run into the need to change our actual runtime environment for it. Mostly based on specific PHP settings an application does need to be able to run first, we have to specify, change or increase PHP default settings, but do feel somewhat handicapped within a shared hosting environment. Usually Admins there do not allow everybody allow to modify or hack their central configuration files on the server.

But also for this situation clever developers have thought about a trick to help their community to overcome such hassle.

As a matter of fact it is possible to change PHP configuration settings within .htaccess very easily for everyone.

For example it is possible to

Prevent Global Variable Injection Attacks with:

    • php_flag register_globals off

    Prevent Cross Site Scripting (XSS) Attacks with:

      • php_flag allow_url_fopen off

      Prevent Code Injection Attacks with:

        • php_flag magic_quotes_gpc on

        To do so

        1. Open the .htaccess file located in your site’s home directory, or if you don’t have one, create a blank one now.

        2. Add any of the following code samples to your .htaccess file, each on it’s own line.

        5. Nov. 2008

        With  AllowOverride set to ALL, Web Administrators and Hosting Provider do gives their customers a powerfull to customize Apache fitting to all their personal needs.

        Running with this setting, Apache is looking for individual settings specified within a file .htaccess on a per directory basis. This means every folder below our webroot can have individual and different settings for sure.

        Mostly this feature is used to enable and enforce access restrictions, but also can be used to build up static multilingual websites as well. Doing so we have to enable need to enable MultiViews within .htaccess file.

        A basic example of such a .htaccess file would be:

        Options +MultiViews
        AddLanguage de de
        AddLanguage en en
        LanguagePriority de en

        Having MultiViews enabled we can add special language extensions to the filename (e.q. index.html.en), helping Apache to identified the correct file containing content in the language requested by the client. So a webbrowser requesting pages in German language and asking an Apache (runing on English language) for a page index.html would automatically get served with a page index.html.de while index.html.en or index.html would be the automatic fallback in case this German page would not be present.

        So the basic idea is just to double your webpages having one specific page in every needed language defined by it’s language specific filename extention.

        4. Nov. 2008

        Sooner or later with a permanent growing database we will end up in a situation that our night isn’t just long enough anymore to backup our database completely.

        Now you might wonder about what size of database I’m talking about right now. But seriously, database at a size of several terrabyte are nothing uncommon today anymore. Especially when it comes to SAP or similar applications working on them databases can grow exceptional sizes..

        The Oracle Database Version 10g now comes along with some new feature helping us to deal with that situation. It is a feature called Block Change Tracking and marks down all modified database blocks changed by all transactions within an additional external file.

        When a commit is issued against a data block, the block change tracking information is copied to a shared area in Large Pool called the CTWR buffer and during the next checkpoint, the CTWR process writes down the information from the CTWR RAM buffer to the former defined change-tracking file.

        Now doing an incremental backup with Oracle 10g, RMAN has a mechanism to identify and bypass those data blocks which have not changed by just easily following the list of changed blocks within this file.

        The syntax for Oracle block level change tracking is simple:

            ALTER DATABASE
            ENABLE BLOCK CHANGE TRACKING
            USING FILE os_file_name;

        By default, Oracle does not record block change information!

        To enable this feature, we need to issue the following command:

        SQL> alter database enable block change tracking;

        To disable this feature, we issue this command:

        SQL> alter database disable block change tracking;

        So it’s an absolutely easy to configure mechanism, being able to speed up our nightly incremental backups dramatically. Leaving the full backups for the weekends, customers then hopefully don’t mind.

        The only thing we have to be aware about is the space this file later on will need to get written. Based on our databases transaction load this change-tracking file can reach some serious size for sure.

        « previousnext »