简体繁体 English

高流量网站的PHP安全性

[英]PHP Security for high traffic websites

原文 2010-09-28 14:52:09 5 3 php/ security

How can a website build in PHP (like Facebook) can be so fast and (sorry if I'm wrong) secure ? 用PHP建立的网站（如Facebook）如何如此快速且安全（如果我错了，抱歉）？

Do they use their own compiled version ? 他们使用自己的编译版本吗？ What kind special techniques do you guys think they use? 你们认为他们使用哪种特殊技术？

What config do we need to have to make PHP viable for huge scale project? 为了使PHP在大规模项目中可行，我们需要什么配置？

3 个解决方案

That have a PHP compiler that transforms PHP into C++ (Hip-Hop), this is one big improvement. 拥有一个将PHP转换为C ++（Hip-Hop）的PHP编译器，这是一个很大的改进。 They also have written there entire backend in C++ (transport data through Apache Thrift) and built Cassandra. 他们还在那里用C ++编写了整个后端（通过Apache Thrift传输数据）并构建了Cassandra。

I don't think their PHP necessarily has any specific security tools (or I haven't any seen any of them). 我认为他们的PHP不一定具有任何特定的安全工具（或者我从未见过它们）。 Speaking for experience with Thrift, it helps when both frontend/backend understand exploits and both work to ensure there are no issues. 说到使用Thrift的经验，当前端/后端都了解漏洞利用并且两者都能确保没有问题时，它会有所帮助。

All of these things have helped alot, check our High Scalability for more information about scaling your stack 所有这些都帮助很大，请查看我们的High Scalability ，以获取有关扩展堆栈的更多信息。

This sounds like a question born of the stigma that has stuck to PHP that it is some how inherently insecure. 这听起来像是一个问题，这个问题源于对PHP的污名化，这在本质上是不安全的。 PHP is flexible which allows developers to write bad, insecure code if that's all they know how to do. PHP是灵活的，如果开发人员只知道该怎么做，则允许开发人员编写错误的，不安全的代码。

Many, many large website and web apps are written in PHP. 许多大型网站和Web应用程序都是用PHP编写的。 The key is knowing how to write code securely from the ground up. 关键是要知道如何从头开始安全地编写代码。 I'm sure Facebook has hired talented programmers who are trained on security. 我确信Facebook已经聘请了经过安全培训的才华横溢的程序员。

Bad or insecure code is the fault of the programmer, not PHP. 错误或不安全的代码是程序员的错，而不是PHP。

我强烈建议您阅读：开发人员在建立公共网站之前应了解什么？