简体繁体 English

自我更新PHP + MySQL应用程序的最佳实践是什么？

[英]What are best practices for self-updating PHP+MySQL applications?

原文 2009-04-07 00:58:47 1 7 php/ mysql/ security/ upgrade

It is pretty standard practice now for desktop applications to be self-updating. 现在，桌面应用程序可以自我更新，这是非常标准的做法。 On the Mac, every non-Apple program that uses Sparkle in my book is an instant win. 在Mac上，在我的书中使用Sparkle的每个非Apple程序都是即时获胜。 For Windows developers, this has already been discussed at length . 对于Windows开发人员，已经详细讨论过这个问题。 I have not yet found information on self-updating web applications, and I hope you can help. 我还没有找到有关自我更新的Web应用程序的信息，我希望您能提供帮助。

I am building a web application that is meant to be installed like Wordpress or Drupal - unzip it in a directory, hit some install page, and it's ready to go. 我正在构建一个像Wordpress或Drupal一样安装的Web应用程序 - 将其解压缩到一个目录中，点击一些安装页面，它就可以了。 In order to have broad server compatibility, I've been asked to use PHP and MySQL -- is that **MP? 为了获得广泛的服务器兼容性，我被要求使用PHP和MySQL - 那是** MP吗？ In any event, it has to be broadly cross-platform. 无论如何，它必须是广泛的跨平台。 For context, this is basically a unified web messaging application for small businesses. 对于上下文，这基本上是针对小型企业的统一Web消息传递应用程序。 It's not another CMS platform, think webmail. 它不是另一个CMS平台，想想网络邮件。

I want to know about self-updating web applications. 我想了解自我更新的Web应用程序。 First of all, (1) is this a bad idea? 首先，（1）这是一个坏主意吗？ As of Wordpress 2.7 the automatic update is a single button, which seems easy, and yet I can imagine so many ways this could go terribly, terribly wrong. 从Wordpress 2.7开始，自动更新只是一个按钮，看起来很简单，但我可以想象这么多的方式可能会非常糟糕，非常错误。 Also, isn't the idea that the web files are writable by the web process a security hole? 另外，网络进程是不是可以写入安全漏洞的想法？

(2) Is it worth the development time? （2）开发时间值得吗？ There are probably millions of WP installs in the world, so it's probably worth the time it took the WP team to make it easy, saving millions of man hours worldwide. 世界上可能有数百万个WP安装，所以值得花时间让WP团队轻松实现，在全球范围内节省数百万工时。 I can only imagine a few thousand installs of my software -- is building self-upgrade worth the time investment, or can I assume that users sophisticated enough to download and install web software in the first place could go through an upgrade checklist? 我只能想象几千个我的软件安装 - 正在构建自我升级值得花时间投资，还是我可以假设用户足够先进，下载和安装网络软件可以通过升级核对清单？

If it's not a security disaster or waste of time, then (3) I'm looking for suggestions from anyone who has done it before. 如果这不是安全灾难或浪费时间，那么（3）我正在寻找任何以前做过的人的建议。 Do you keep a version table in your database? 你在数据库中保留了一个版本表吗？ How do you manage DB upgrades? 你如何管理数据库升级？ What method do you use for rolling back a partial upgrade in the context of a self-updating web application? 在自我更新的Web应用程序的上下文中，您使用什么方法回滚部分升级？ Did using an ORM layer make it easier or harder? 使用ORM层是否更容易或更难？ Do you keep a delta of version changes or do you just blow out the whole thing every time? 你是否保留了版本变化的三角形，或者你每次只是吹灭整个事物？

I appreciate your thoughts on this. 我很感激你对此的看法。

7 个解决方案

Frankly, it really does depend on your userbase. 坦率地说，它确实取决于您的用户群。 There are tons of PHP applications that don't automatically upgrade themselves. 有大量PHP应用程序不会自动升级。 Their users are either technical enough to handle the upgrade process, or just don't upgrade. 他们的用户要么技术足以处理升级过程，要么就是不升级。

I purpose two steps: 我的目的是两个步骤：

1) Seriously ask yourself what your users are likely to really need. 1）认真地问自己用户可能真正需要什么。 Will self-updating provide enough of a boost to adoption to justify the additional work? 自我更新是否足以提高采用率以证明额外工作的合理性？ If you're confident the answer is yes, just do it. 如果您确信答案是肯定的，那就去做吧。

Since you're asking here, I'd guess that you don't know yet. 既然你在这里问，我猜你还不知道。 In that case, I purpose step 2: 在那种情况下，我的目的是第2步：

2) Release version 1.0 without the feature. 2）发布没有该功能的1.0版。 Wait for user feedback. 等待用户反馈。 Your users may immediately cry for a simpler upgrade process, in which case you should prioritize it. 您的用户可能会立即为更简单的升级过程而哭泣，在这种情况下您应该优先考虑它。 Alternately, you may find that your users are much more concerned with some other feature. 或者，您可能会发现您的用户更关心其他一些功能。

Guessing at what your users want without asking them is a good way to waste a lot of development time on things people don't actually need. 在不询问用户的情况下猜测用户的需求是一种浪费大量开发时间的好方法。

Yes it would be a security feature if PHP went and overwrote its files from some place on the internet with no warning. 是的，如果PHP在没有任何警告的情况下从互联网上的某个地方覆盖并覆盖其文件，那将是一个安全功能。 There's no guarantee that the server is connecting correctly to your update server (it might download someone code crafted by someone else if DNS poisoning occured) - giving someone else access to your client's data. 无法保证服务器正确连接到您的更新服务器（如果发生DNS中毒，它可能会下载其他人制作的代码） - 让其他人访问您客户的数据。 Therefore digital signing would be important. 因此，数字签名很重要。

The user could control updates by setting permissions on the web directory so that PHP only has read access to the files - this procedure could simply be documented with your program. 用户可以通过在Web目录上设置权限来控制更新，以便PHP只具有对文件的读访问权限 - 此过程可以简单地记录在您的程序中。

One question remains (I really don't know the answer to): can PHP overwrite files if it's currently using them (eg if the update.php file itself needed to be updated)? 还有一个问题（我真的不知道答案）：如果文件正在使用它们，PHP是否会覆盖文件（例如，如果需要更新update.php文件本身）？ Worth testing. 值得测试。

I've been thinking about this lately in regards to database schema changes. 最近我一直在考虑数据库模式的变化。 At the moment I'm digging into WordPress to see how they've handled database changes between revisions. 目前我正在深入研究WordPress以了解他们如何处理修订版之间的数据库更改。 Here's what I've found so far: 这是我到目前为止所发现的：

$wp_db_version is loaded from wp-includes/version.php . $wp_db_version是从wp-includes/version.php加载的。 This variable corresponds to a Subversion revision number, and is updated when wp-admin/includes/schema.php is changed. 此变量对应于Subversion修订版号，并在更改wp-admin/includes/schema.php时更新。 (Possibly through a hook? I'm not sure.) When wp-admin/admin.php is loaded, the WordPress option named db_version is read from the database. （可能通过钩子？我不确定。）当加载wp-admin/admin.php ，从数据库中读取名为db_version的WordPress选项。 If this number is not equal to $wp_db_version , wp-admin/upgrade.php is loaded. 如果此数字不等于$wp_db_version ，则加载wp-admin/upgrade.php 。

wp-admin/includes/upgrade.php includes a function called dbDelta() . wp-admin/includes/upgrade.php包含一个名为dbDelta()的函数。 dbDelta() scans $wp_queries (a string of SQL queries that will create the most recent database schema from scratch) and compares it to the schema in the database, altering the tables as necessary so that the schema is brought up-to-date. dbDelta()扫描$wp_queries （将从头开始创建最新数据库模式的一串SQL查询）并将其与数据库中的模式进行比较，根据需要更改表，以使模式保持最新。

upgrade.php then runs a function called upgrade_all() which runs specific upgrade_NNN() functions if $wp_db_version is less than target values. upgrade.php然后运行一个名为upgrade_all() upgrade_NNN()函数，如果$wp_db_version小于目标值，它将运行特定的upgrade_NNN()函数。 (ie. upgrade_250() , the WordPress 2.5.0 upgrade, will be run if the database version is less than 7499.) Each of these functions run their own data migration and population procedures, some of which are called during the initial database setup script. （即，如果数据库版本小于7499，将运行WordPress 2.5.0升级的upgrade_250() 。 upgrade_250()这些函数中的每一个都运行自己的数据迁移和填充过程，其中一些在初始数据库设置期间调用脚本。 Nicely cuts down on duplicate code. 很好地减少了重复的代码。

So, that's one way to do it. 所以，这是一种方法。

I suppose you've already ruled this out, but you could host it as a service. 我想你已经排除了这一点，但你可以将它作为一项服务托管。 (Think wordpress.com) （想想wordpress.com）

I'd suggest that you package your application with pear and set up a channel . 我建议您使用pear打包应用程序并设置一个频道。 Your users can then upgrade the application through a standard interface (pear). 然后，您的用户可以通过标准界面（pear）升级应用程序。 It's not entirely automatic (unless the users have some kind of automation running on top of pear), but it's standard, so any sysadmin can maintain it. 它不是完全自动的（除非用户在梨上运行某种自动化），但它是标准的，因此任何系统管理员都可以维护它。

I think your best option is an update checking mechanism that will alert the administrator when there are update(s). 我认为您最好的选择是更新检查机制，它会在有更新时提醒管理员。

As you mention, there are a number of potential security problems. 如您所述，存在许多潜在的安全问题。 Due to those alone, I would suggest not doing this. 由于这些，我建议不要这样做。 Instead, try creating a fairly smart upgrading script. 相反，尝试创建一个相当智能的升级脚本。

Just my 2 cents: I'd consider an automatically self updating application within my CMS as a security hole, so if you decide to code this feature, you should consider to implement different levels of this behavior: 只需我2美分：我认为CMS中的自动更新应用程序是一个安全漏洞，所以如果你决定编写这个功能，你应该考虑实现这种行为的不同级别：