Archive for the ‘Open-source’ Category
Check whether your web server is correctly configured
Last year Zone-H reported a record number of 1.5 million websites defacements. 1 million of those websites where running Apache.
When it comes to configuring a web server, some people tend to turn everything on by default. Developers are happy because the functionality that they wanted is available without any extra configuration, and there is a reduction in support calls due to functionality not working out-of-the-box. This has proven to be a major source of problems for security in general. A web server should start off with total restriction and then access rights should be applied appropriately.
You can check whether your web server is correctly configured by using Nikto, a great open source vulnerability scanners that is able to scan for quite a large number of web server vulnerabilities. From their site:
“Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.”
I’m going to run a default scan by just supplying the IP of the target:
$ cd nikto-2.1.4 $ ./nikto.pl -h 127.0.0.1 - ***** SSL support not available (see docs for SSL install) ***** - Nikto v2.1.4 --------------------------------------------------------------------------- + Target IP: 127.0.0.1 + Target Hostname: localhost.localdomain + Target Port: 80 + Start Time: 2011-12-12 13:06:59 --------------------------------------------------------------------------- + Server: Apache + No CGI Directories found (use '-C all' to force check all possible dirs) + 6448 items checked: 0 error(s) and 0 item(s) reported on remote host + End Time: 2011-12-12 13:08:07 (68 seconds) --------------------------------------------------------------------------- + 1 host(s) tested
By looking at the last section of the Nikto report, I can see that there are no issues that need to be addressed.
Tools like Nikto and Skipfish serve as a foundation for professional web application security assessments. Remember, the more tools you use, the better.
Links
JavaScript: Retrieve and paginate JSON-encoded data
I’ve created a jQuery plugin that allows you to retrieve a large data set in JSON format from a server script and load the data into a list or table with client side pagination enabled. To use this plugin you need to:
Include jquery.min.js and jquery.paginate.min.js in your document:
<script type="text/javascript" src="js/jquery.min.js"></script> <script type="text/javascript" src="js/jquery.paginate.min.js"></script>
Include a small css to skin the navigation links:
<style type="text/css">
a.disabled {
text-decoration: none;
color: black;
cursor: default;
}
</style>
Define an ID on the element you want to paginate, for example: “listitems”. If you have a more than 10 child elements and you want to avoid displaying them before the javascript is executed, you can set the element as hidden by default:
<ul id="listitems" style="display:none"></ul>
Place a div in the place you want to display the navigation links:
<div id="listitems-pagination" style="display:none">
<a id="listitems-previous" href="#" class="disabled">« Previous</a>
<a id="listitems-next" href="#">Next »</a>
</div>
Finally, include an initialization script at the bottom of your page like this:
<script type="text/javascript">
$(document).ready(function() {
$.getJSON('data.json', function(data) {
var items = [];
$.each(data.items, function(i, item) {
items.push('<li>' + item + '</li>');
});
$('#listitems').append(items.join(''));
$('#listitems').paginate({itemsPerPage: 5});
});
});
</script>
You can fork the code on GitHub or download it.
Building a RESTful Web API with PHP and Apify
Apify is a small and powerful open source library that delivers new levels of developer productivity by simplifying the creation of RESTful architectures. You can see it in action here. Web services are a great way to extend your web application, however, adding a web API to an existing web application can be a tedious and time-consuming task. Apify takes certain common patterns found in most web services and abstracts them so that you can quickly write web APIs without having to write too much code.
Apify exposes similar APIs as the Zend Framework, so if you are familiar with the Zend Framework, then you already know how to use Apify. Take a look at the UsersController class.
Building a RESTful Web API
In Apify, Controllers handle incoming HTTP requests, interact with the model to get data, and direct domain data to the response object for display. The full request object is injected via the action method and is primarily used to query for request parameters, whether they come from a GET or POST request, or from the URL.
Creating a RESTful Web API with Apify is easy. Each action results in a response, which holds the headers and document to be sent to the user’s browser. You are responsible for generating the response object inside the action method.
class UsersController extends Controller
{
public function indexAction($request)
{
// 200 OK
return new Response();
}
}
The response object describes the status code and any headers that are sent. The default response is always 200 OK, however, it is possible to overwrite the default status code and add additional headers:
class UsersController extends Controller
{
public function indexAction($request)
{
$response = new Response();
// 401 Unauthorized
$response->setCode(Response::UNAUTHORIZED);
// Cache-Control header
$response->setCacheHeader(3600);
// ETag header
$response->setEtagHeader(md5($request->getUrlPath()));
// X-RateLimit header
$limit = 300;
$remaining = 280;
$response->setRateLimitHeader($limit, $remaining);
// Raw header
$response->addHeader('Edge-control: no-store');
return $response;
}
}
Content Negotiation
Apify supports sending responses in HTML, XML, RSS and JSON. In addition, it supports JSONP, which is JSON wrapped in a custom JavaScript function call. There are 3 ways to specify the format you want:
- Appending a format extension to the end of the URL path (.html, .json, .rss or .xml)
- Specifying the response format in the query string. This means a format=xml or format=json parameter for XML or JSON, respectively, which will override the Accept header if there is one.
- Sending a standard Accept header in your request (text/html, application/xml or application/json).
The acceptContentTypes method indicates that the request only accepts certain content types:
class UsersController extends Controller
{
public function indexAction($request)
{
// only accept JSON and XML
$request->acceptContentTypes(array('json', 'xml'));
return new Response();
}
}
Apify will render the error message according to the format of the request.
class UsersController extends Controller
{
public function indexAction($request)
{
$request->acceptContentTypes(array('json', 'xml'));
$response = new Response();
if (! $request->hasParam('api_key')) {
throw new Exception('Missing parameter: api_key', Response::FORBIDDEN);
}
$response->api_key = $request->getParam('api_key');
return $response;
}
}
Request
GET /users.json
Response
Status: 403 Forbidden
Content-Type: application/json
{
"code": 403,
"error": {
"message": "Missing parameter: api_key",
"type": "Exception"
}
}
Resourceful Routes
Apify supports REST style URL mappings where you can map different HTTP methods, such as GET, POST, PUT and DELETE, to different actions in a controller. This basic REST design principle establishes a one-to-one mapping between create, read, update, and delete (CRUD) operations and HTTP methods:
| HTTP Method | URL Path | Action | Used for |
| GET | /users | index | display a list of all users |
| GET | /users/:id | show | display a specific user |
| POST | /users | create | create a new user |
| PUT | /users/:id | update | update a specific user |
| DELETE | /users/:id | destroy | delete a specific user |
If you wish to enable RESTful mappings, add the following line to the index.php file:
try {
$request = new Request();
$request->enableUrlRewriting();
$request->enableRestfulMapping();
$request->dispatch();
} catch (Exception $e) {
$request->catchException($e);
}
The RESTful UsersController for the above mapping will contain 5 actions as follows:
class UsersController extends Controller
{
public function indexAction($request) {}
public function showAction($request) {}
public function createAction($request) {}
public function updateAction($request) {}
public function destroyAction($request) {}
}
By convention, each action should map to a particular CRUD operation in the database.
Building a Web Application
Building a web application can be as simple as adding a few methods to your controller. The only difference is that each method returns a view object.
class PostsController extends Controller
{
/**
* route: /posts/:id
*
* @param $request Request
* @return View|null
*/
public function showAction($request)
{
$id = $request->getParam('id');
$post = $this->getModel('Post')->find($id);
if (! isset($post->id)) {
return $request->redirect('/page-not-found');
}
$view = $this->initView();
$view->post = $post;
$view->user = $request->getSession()->user
return $view;
}
/**
* route: /posts/create
*
* @param $request Request
* @return View|null
*/
public function createAction($request)
{
$view = $this->initView();
if ('POST' !== $request->getMethod()) {
return $view;
}
try {
$post = new Post(array(
'title' => $request->getPost('title'),
'text' => $request->getPost('text')
));
} catch (ValidationException $e) {
$view->error = $e->getMessage();
return $view;
}
$id = $this->getModel('Post')->save($post);
return $request->redirect('/posts/' . $id);
}
}
The validation is performed inside the Post entity class. An exception is thrown if any given value causes the validation to fail. This allows you to easily implement error handling for the code in your controller.
Entity Class
You can add validation to your entity class to ensure that the values sent by the user are correct before saving them to the database:
class Post extends Entity
{
protected $id;
protected $title;
protected $text;
// sanitize and validate title (optional)
public function setTitle($value)
{
$value = htmlspecialchars(trim($value), ENT_QUOTES);
if (empty($value) || strlen($value) < 3) {
throw new ValidationException('Invalid title');
}
$this->title = $title;
}
// sanitize text (optional)
public function setText($value)
{
$this->text = htmlspecialchars(strip_tags($value), ENT_QUOTES);
}
}
Routes
Apify provides a slimmed down version of the Zend Framework router:
$routes[] = new Route('/posts/:id',
array(
'controller' => 'posts',
'action' => 'show'
),
array(
'id' => '\d+'
)
);
$routes[] = new Route('/posts/create',
array(
'controller' => 'posts',
'action' => 'create'
)
);
HTTP Request
GET /posts/1
Incoming requests are dispatched to the controller “Posts” and action “show”.
Feedback
- If you encounter any problems, please use the issue tracker.
- For updates follow @fedecarg on Twitter.
- If you like Apify and use it in the wild, let me know.
NoSQL solutions: Membase, Redis, CouchDB and MongoDB
Each database has specific use cases and every solution has a sweet spot in terms of data, hardware, setup and operation. Here are some of the most popular key-value and document data stores:
Key-value
- Developed by members of the memcached core team.
- Simple (key value store), fast (low, predictable latency) and elastic (effortlessly grow or shrink a cluster).
- Extensions are possible through a plug-in architecture (full-text search, backup, etc).
- Supports Memcached ASCII and Binary protocols (uses existent Memcached libraries and clients).
- Guarantees data consistency.
- High-speed failover (server failures recoverable in under 100ms).
- User management, alerts and logging and audit trail.
- Developed by Salvatore Sanfilippo and acquired by VMWare in 2010.
- Very fast. Non-blocking I/O. Single threaded.
- Data is held in memory but can be persisted by written to disk asynchronously.
- Values can be strings, lists or sets.
- Built-in support for master/slave replication.
- Distributes the dataset across multiple Redis instances.
Document-oriented
The major benefit of using a document database comes from the fact that while it has all the benefits of a key/value store, you aren’t limited to just querying by key. However, documented-oriented databases and MapReduce aren’t appropriate for every situation.
- High read performance.
- Supports bulk inserts.
- Good for consistent master-master replica databases that are geographically distributed and often offline.
- Good for intense versioning.
- Android, MeeGo and WebOS include services for syncing locally stored data with a CouchDB non-relational database in the cloud.
- Better than MongoDB at durability.
- Uses REST as its interface to the database. It doesn’t have “queries” but instead uses “views”.
- Makes heavy use of the file system cache (so more RAM is always better).
- The database must be compacted periodically.
- Conflicts on transactions must be handled by the programmer manually (e.g. if someone else has updated the document since it was fetched, then CouchDB relies on the application to resolve versioning issues).
- Scales through asynchronous replication but lacks an auto-sharding mechanism. Reads are distributed to any server while writes must be propagated to all servers.
- High write performance. Good for systems with very high update rates.
- It has the flexibility to replace a relational database in a wider range of scenarios.
- Supports auto-sharding.
- More oriented towards master/slave replication.
- Compaction of the database is not necessary.
- Both CouchDB and MongoDB support map/reduce operations.
- Supports dynamic ad hoc queries via a JSON-style query language.
- The pre-filtering provided by the query attribute doesn’t have a direct counterpart in CouchDB. It also allows post-filtering of aggregated values.
- Relies on language-specific database drivers for access to the database.
Links
- NoSQL Patterns by Ricky Ho
- Redis interactive tutorial
- Redis tutorial by Simon Willison (NoSQL Europe Conference)
- MongoDB interactive tutorial
OSCON 2010, The O’Reilly Open Source Convention
A couple of weeks ago I attended the O’Reilly Open Source Convention (OSCON) in Portland. OSCON has hundreds of sessions and activities focused on all aspects of open source software. I met some great people, the talks were good and I saw some promising ideas and technologies.
Workshops attended
- Android for Java Developers
Marko Gargenta (Marakana) - Building a NoSQL Data Cloud
Krishna Sankar (Cisco Systems Inc) - Building Native Mobile Apps Using Open Source
Kevin Whinnery (Appcelerator)
Sessions attended
- Building Mobile Apps with HTML, CSS, and JavaScript
Jonathan Stark (Jonathan Stark Consulting) - Open Source Tool Chains for Cloud Computing
Mark Hinkle (Zenoss), John Willis (Opscode, Inc.), Alex Honor - Doctor, I Have a Problem with My Innovation.
Rolf Skyberg (eBay, Inc.) - Ingex: Bringing Open Source to the Broadcast Industry
By Brendan Quinn (BBC R&D) - membase.org: The Simple, Fast, Elastic NoSQL Database
Matt Ingenthron (NorthScale, Inc.) - Introducing WebM: High Quality, Royalty-Free, Open Source Video
John Koleszar (Google, Inc.) - Whiskey, Tango, Foxtrot: Understanding API Activity
Clay Loveless (Mashery) - Deploying an Open Source Private Cloud On a Shoe String Budget
Louis Danuser (AT&T Labs, Inc.) - Eucalyptus: The Open Source Infrastructure for Cloud Computing
Shashi Mysore (Eucalyptus Systems Inc.) - Hadoop, Pig, and Twitter
Kevin Weil (Twitter, Inc.) - Mahout: Mammoth Scale Machine Learning
Robin Anil (Apache Software Foundation) - BlackBerry development for Web Application Developers
Kevin Falcone (Best Practical Solutions) - Practical Concurrency
Tim Bray (Google, Inc.) - Scribe – Moving Data at Massive Scale
Robert Johnson (Facebook) - Make Open Easy
Dan Bentley (Google)
Implementing Dynamic Finders and Parsing Method Expressions
Most ORMs support the concept of dynamic finders. A dynamic finder looks like a normal method invocation, but the method itself doesn’t exist, instead, it’s generated dynamically and processed via another method at runtime.
A good example of this is Ruby. When you invoke a method that doesn’t exist, it raises a NoMethodError exception, unless you define “method_missing”. Rails ActiveRecord::Base class implements some of its magic thanks to this method. For example, find_by_title(title) and find_by_title_and_date(title, date) are turned into:
find(:first, :conditions => ["title = ?", title]) find(:first, :conditions => ["title = ? AND date = ?", title, date])
What’s nice about Ruby is that the language allows you to define methods dynamically using the “define_method” method. That’s how Rails defines each dynamic finder in the class after it is first invoked, so that future attempts to use it do not run through the “method_missing” method.
Method Expressions
GORM, Grails ORM library, introduces the concept of dynamic method expressions. A method expression is made up of the prefix such as “findBy” followed by an expression that combines one or more properties. Grails takes advantage of Groovy features to provide dynamic methods:
findByTitle("Example")
findByTitleLike("Exa%")
Method expressions can also use a boolean operator to combine two criteria:
findAllByTitleLikeAndDateGreaterThan("Exampl%", '2010-03-23')
In this case we are using AND in the middle of the query to make sure both conditions are satisfied, but you could equally use OR:
findAllByTitleLikeOrDateGreaterThan("Exampl%", '2010-03-23')
Parsing Method Expressions
MethodExpressionParser is a PHP library for parsing method expressions. It’s designed to quickly and easily parse method expressions and construct conditions based on attribute names and arguments.
Description
[finderMethod]([attribute][expression][logicalOperator])?[attribute][expression]
Expressions
- LessThan: Less than the given value
- LessThanEquals: Less than or equal a give value
- GreaterThan: Greater than a given value
- GreaterThanEquals: Greater than or equal a given value
- Like: Equivalent to a SQL like expression
- NotEqual: Negates equality
- IsNotNull: Not a null value (doesn’t require an argument)
- IsNull: Is a null value (doesn’t require an argument)
Examples
findByTitleAndDate('Example', date('Y-m-d'));
SELECT * FROM book WHERE title = ? AND date = ?
findByTitleOrDate('Example', date('Y-m-d'))
SELECT * FROM book WHERE title = ? OR date = ?
findByPublisherOrTitleAndDate('Name', 'Example', date('Y-m-d'))
SELECT * FROM book WHERE publisher = ? OR (title = ? AND date = ?)
findByPublisherInAndTitle(array('Name1', 'Name2'), 'Example')
SELECT * FROM book WHERE publisher IN (?, ?) AND date = ?
findByTitleLikeAndDateNotNull('Examp%')
SELECT * FROM book WHERE title LIKE ? AND date NOT NULL
findByIdOrTitleAndDateNotNull(1, 'Example')
SELECT * FROM book WHERE (id = ?) OR (title = ? AND date NOT NULL)
Example 1:
findByTitleLikeAndDateNotNull('Examp%');
Outputs:
array
0 =>
array
0 =>
array
'attribute' => string 'title'
'expression' => string 'Like'
'format' => string '%s LIKE ?'
'placeholders' => int 1
'argument' => string 'Examp%'
1 =>
array
'attribute' => string 'date'
'expression' => string 'NotNull'
'format' => string '%s IS NOT NULL'
'placeholders' => int 0
'argument' => null
Example 2:
findByTitleAndPublisherNameOrTitleAndPublisherName('Title', 'a', 'Title', 'b');
Outputs:
array
0 =>
array
0 =>
array
'attribute' => string 'title'
'expression' => string 'Equals'
'format' => string '%s = ?'
'placeholders' => int 1
'argument' => string 'Title'
1 =>
array
'attribute' => string 'publisher_name'
'expression' => string 'Equals'
'format' => string '%s = ?'
'placeholders' => int 1
'argument' => string 'a'
1 =>
array
0 =>
array
'attribute' => string 'title'
'expression' => string 'Equals'
'format' => string '%s = ?'
'placeholders' => int 1
'argument' => string 'Title'
1 =>
array
'attribute' => string 'publisher_name'
'expression' => string 'Equals'
'format' => string '%s = ?'
'placeholders' => int 1
'argument' => string 'b'
See more examples: Project Wiki
Usage
class EntityRepository
{
private $methodExpressionParser;
// Return a single instance of MethodExpressionParser
public function getMethodExpressionParser() {
}
// Finder methods
public function findBy($conditions) {
var_dump($conditions);
}
public function findAllBy($conditions) {
var_dump($conditions);
}
// Invoke finder methods
public function __call($method, $args) {
if ('f' === $method{0}) {
try {
$result = $this->getMethodExpressionParser()->parse($method, $args);
$finderMethod = key($result);
$conditions = $result[$finderMethod];
} catch (MethodExpressionParserException $e) {
$message = sprintf('%s: %s()', $e->getMessage(), $method);
throw new EntityRepositoryException($message);
}
return $this->$finderMethod($conditions);
}
$message = 'Invalid method call: ' . __METHOD__;
throw new BadMethodCallException($message);
}
}
Performance
PHP doesn’t allow you to define methods dynamically, this means that every time you invoke a finder method the parser has to search, extract and map all the attribute names and expressions. To avoid introducing this performance overhead you can cache the attribute names. For example:
class EntityRepository
{
private $methodExpressionParser;
private $classMetadata;
// Return a single instance of MethodExpressionParser
public function getMethodExpressionParser() {
}
// Return a single instance of ClassMetadata
public function getClassMetadata() {
}
// Invoke finder methods
public function __call($method, $args) {
if ('f' === $method{0}) {
$parser = $this->getMethodExpressionParser();
$classMetadata = $this->getClassMetadata();
try {
$finderMethod = $parser->determineFinderMethod($method);
if ($classMetadata->hasMissingMethod($method)) {
$attributes = $classMetadata->getMethodAttributes($method);
$conditions = $parser->map($args, $attributes);
} else {
$expressions = substr($method, strlen($finderMethod));
$attributes = $this->extractAttributeNames($expressions);
$conditions = $parser->map($args, $attributes);
$classMetadata->setMethodAttributes($method, $attributes);
}
} catch (MethodExpressionParserException $e) {
$message = sprintf('%s: %s()', $e->getMessage(), $method);
throw new EntityRepositoryException($message);
}
return $this->$finderMethod($conditions);
}
$message = 'Invalid method call: ' . __METHOD__;
throw new BadMethodCallException($message);
}
}
The Expression objects are lazy-loaded, depending on the expressions found in the method name.
Extensibility
The MethodExpressionParser class was designed with extensibility in mind, allowing you to add new Expressions to the library.
abstract class Expression {
}
class EqualsExpression extends Expression {
}
Source Code
http://fedecarg.com/repositories/show/expressionparser
Check out the current development trunk with:
$ svn checkout http://svn.fedecarg.com/repo/Zf/Orm
Command-line memcached stat reporter
Nicholas Tang wrote a nice little perl script that shows a basic memcached top display for a list of servers. You can specify thresholds, for instance, and it’ll change color to red if you exceed the thresholds. You can also choose the refresh/sleep time, and whether to show immediate (per second) stats, or lifetime stats.
To install it you only need to download the script and make it executable:
$ curl http://memcache-top.googlecode.com/files/memcache-top-v0.6 > ~/bin/memcache-top $ chmod +x ~/bin/memcache-top $ memcache-top --sleep 3 --instances 10.50.11.3,10.50.11.4,10.50.11.5
Here’s some sample output:
memcache-top v0.6 (default port: 11211, color: on, refresh: 3 seconds) INSTANCE USAGE HIT % CONN TIME EVICT/s GETS/s READ/s WRITE/s 10.50.11.3:11211 88.9% 69.7% 1661 0.9ms 0.3 47 13.9K 9.8K 10.50.11.4:11211 88.8% 69.9% 2121 0.7ms 1.3 168 17.6K 68.9K 10.50.11.5:11211 88.9% 69.4% 1527 0.7ms 1.7 48 14.4K 13.6K AVERAGE: 84.7% 72.9% 1704 1.0ms 1.3 69 13.5K 30.3K TOTAL: 19.9GB/ 23.4GB 20.0K 11.7ms 15.3 826 162.6K 363.6K (ctrl-c to quit.)
Project Home
http://code.google.com/p/memcache-top/
Database Replication Adapter for Zend Framework Applications
Last updated: 21 Feb, 2010
Database replication is an option that allows the content of one database to be replicated to another database or databases, providing a mechanism to scale out the database. Scaling out the database allows more activities to be processed and more users to access the database by running multiple copies of the databases on different machines.
The problem with monolithic database designs is that they don’t establish an infrastructure that allows for rapid changes in business requirements. Here is where database replication comes into play. Replication can be used effectively for many different purposes, such as separating data entry and reporting, distributing load across servers, providing high availability, etc.
Zf_Orm_DataSource is a Zend Framework Replication Adapter class flexible enough to support the most commonly used replication scenarios:
Single-Master Replication
In the simplest replication scenario, the master copy of directory data is held in a single read-write replica on one server called the supplier server. The supplier server also maintains changelog for this replica. On another server, called the consumer server, there can be multiple read-only replicas.
Configuration array:
$config = array(
'adapter' => 'Pdo_Mysql',
'driver_options' => array(PDO::ATTR_TIMEOUT=>5),
'username' => 'root',
'password' => 'root',
'dbname' => 'test',
'master_servers' => 1,
'servers' => array(
array('host' => 'db.master-1.com'),
array('host' => 'db.slave-1.com'),
array('host' => 'db.slave-2.com')
)
);
// or ...
$config = array(
'adapter' => 'Pdo_Mysql',
'driver_options' => array(PDO::ATTR_TIMEOUT=>5),
'dbname' => 'test',
'master_servers' => 1,
'servers' => array(
array('host' => 'db.master-1.com', 'username' => 'user1', 'password'=>'pass1'),
array('host' => 'db.slave-1.com', 'username' => 'user2', 'password' => 'pass2'),
array('host' => 'db.slave-2.com', 'username' => 'user3', 'password' => 'pass3')
)
);
In the setup above, all writes will go to the master connection and all reads will be randomly distributed across the available slaves.
Multi-Master Replication
This type of configuration can work with any number of consumer servers. Each consumer server holds a read-only replica. The consumers can receive updates from all the suppliers. The consumers also have referrals defined for all the suppliers to forward any update requests that the consumers receive.
$config = array(
'adapter' => 'Pdo_Mysql',
'driver_options' => array(PDO::ATTR_TIMEOUT=>5),
'username' => 'root',
'password' => 'root',
'dbname' => 'test',
'master_servers' => 2,
'master_read' => true,
'servers' => array(
array('host' => 'db.master-1.com'),
array('host' => 'db.master-2.com')
)
);
Using a distributed memory caching system
Database connections are expensive and it’s very inefficient for an application to try to connect to a server that is down or not responding. A distributed memory caching system can help alleviate this problem by keeping a list of all the failed connections in memory, sharing that information across multiple servers and allowing the application to access it before attempting to open a connection.
To enable this option, you have to pass an instance of the Memcached adapter class:
class Bootstrap extends Zend_Application_Bootstrap_Base
{
protected function _initCache()
{
...
}
protected function _initDatabase()
{
$config = include APPLICATION_PATH . '/config/database.php';
$cache = $this->getResource('cache');
$dataSource = new Zf_Orm_DataSource($config, $cache, 'cache_tag');
Zend_Registry::set('dataSource', $dataSource);
}
}
And here is a short example of how the Replication Adapter might be used in a ZF application:
class TestDao
{
public function fetchAll()
{
$db = Zend_Registry::get('dataSource')->getConnection('slave');
$query = $db->select()->from('test');
return $db->fetchAll($query);
}
public function insert($data)
{
$db = Zend_Registry::get('dataSource')->getConnection('master');
$db->insert('test', $data);
return $db->lastInsertId();
}
}
Source Code:
http://fedecarg.com/repositories/show/replicationadapter
Adding theme support to your Zend Framework application
This is a brief explanation on how to add theme support to your Zend Framework application and how to ensure those themes are self-contained, easy to distribute and install.
Themes are very powerful and extremely easy to develop. They allow you to quickly switch between layouts and change the look and feel of your application. You can use themes to show, for example, a mobile friendly version of your site.
Making a Zend Framework application theme-able is a three-step process.
First, modify your directory structure:
application/
controllers/
library/
public/
themes/
default/
css/
images/
templates/
custom/
css/
images/
templates/
Then, edit your Bootstrap class:
class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
{
protected function _initView()
{
$theme = 'default';
if (isset($this->config->app->theme)) {
$theme = $this->config->app->theme;
}
$path = PUBLIC_PATH.'/themes/'.$theme.'/templates';
$layout = Zend_Layout::startMvc()
->setLayout('layout')
->setLayoutPath($path)
->setContentKey('content');
$view = new Zend_View();
$view->setBasePath($path);
$view->setScriptPath($path);
return $view;
}
}
And finally, copy your view scripts and layouts to the templates directory:
application/
library/
public/
themes/
full-site/
css/
images/
templates/
error/
index/
partials/
layout.phtml
mobile-site/
css/
images/
templates/
Voila, mission accomplished.
Increase speed and reduce bandwidth usage
Apache’s mod_deflate module provides the DEFLATE output filter that allows output from your server to be compressed before being sent to the client over the network.
There are two ways of enabling gzip compression:
- Using Apache’s mod_deflate
- Using output buffering
Encoding the output and setting the appropriate headers manually makes the code more portable. Keep in mind that there are hundreds of Linux distributions, each slightly different to significantly different. To allow portability the application should not make assumptions about the OS or config involved.
Using Apache
1. Enable mod_deflate
Debian/Ubuntu:
$ a2enmod deflate $ /etc/init.d/apache2 force-reload
2. Configure mode_deflate
$ nano /etc/apache2/mods-enabled/deflate.conf # # mod_deflate configuration # <IfModule mod_deflate.c> AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript DeflateCompressionLevel 9 BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html DeflateFilterNote Input instream DeflateFilterNote Output outstream DeflateFilterNote Ratio ratio </IfModule>
Using output buffering
Create a gzip compressed string in your bootstrap file:
try {
$frontController = Zend_Controller_Front::getInstance();
if (@strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false) {
ob_start();
$frontController->dispatch();
$output = gzencode(ob_get_contents(), 9);
ob_end_clean();
header('Content-Encoding: gzip');
echo $output;
} else {
$frontController->dispatch();
}
} catch (Exeption $e) {
if (Zend_Registry::isRegistered('Zend_Log')) {
Zend_Registry::get('Zend_Log')->err($e->getMessage());
}
$message = $e->getMessage() . "\n\n" . $e->getTraceAsString();
/* trigger event */
}
