Production environment
PHP Hypertext Preprocessor is the oldest and most stable Web server application development language in the market. It is a fast and versatile open source language that we offer on our Unix and Windows servers under a professional production environment.
The development of any PHP application should always be done on the site owner's premises, hidden away from the public. Only when that code reaches stability should it be published on the Web site server.
Because our servers will hold production code, they will not show PHP warnings: PHP can recover from them, and there is valid PHP code that generates warnings. Seeing such warnings might suggest to visitors that the site they are visiting was not professionally developed. PHP errors are displayed to the visitor, though. This avoids having the visitor see a blank or partially loaded page without further information about what is happening. This way the visitor might call you to report the error instead of just leaving.
If you need our servers to display PHP warnings for final quality testing, you can call:
error_reporting( E_ALL );
On the other hand, the programmer needs much more than just hidden warnings to be able to offer professional applications. With that in mind, our PHP setup includes the modules described to the left. These were chosen for their importance in professional PHP applications. For instance, mbstring is essential for pages processing data (client names, etc.) with non-Latin characters, bcmath is fundamental for scripts that process financial or monetary data (such as shopping carts), and CURL, ODBC, XML and Zlib are used to access external data.
Those modules and PHP itself were configured for optimized security and maximum function. Paradoxically, PHP's "safe mode" is off. This is because safe mode disables important features of the mail() function, amongst others. fopen("http://...") and similar functions are available to make it easier to access external data. The "dbx" module is configured to always return database field names in lower-case so that your code works properly even with databases such as Oracle that change field name case. PHP is configured to auto-detect text files' line endings so that functions such as file() work properly with files coming from Windows, Unix and Apple (Macintosh). These and many other specialized configurations offer you a professional hosting environment for your PHP applications.
PHP security
Security is always a compromise between "closed doors" and function. On our platform, we believe we have achieved an excellent balance between these requirements. For instance, GET/POST/Cookie variables are not automatically registered, i.e., if you call a script with:
mypage.php?var=1
the script will not have a $var variable available. You should instead use $_REQUEST["var"]
to read its value. This prevents your script's variables from being externally influenced. The value of each of those variables is also protected by "magic quotes", a PHP feature that runs the addslashes() function for all variables received from the outside. This guarantees that small and short PHP scripts will have fewer security problems, while big professionally developed PHP applications can easily remove that protection using the reverse function stripslashes() or by including our esx.nomagic.php script.
To prevent a script from using up all available server memory, scripts cannot use more than 8Mb and cannot receive an upload larger than 5Mb. Database connections also cannot be persistent for the same reason. To prevent a script from using server resources indefinitely, PHP can take up to 60s handling incoming data before starting the script, and 30s running the script. If these times are exceeded the script will be aborted.
Finally, to guarantee script and data privacy, each script is only allowed to open the files corresponding to its Web site on the server and not files from its "neighbors" on the same server. This means that files received by upload should be moved to your Web site area with the function move_uploaded_file(). You can also open your MySQL database with a simple mysql_connect() (without server, user or password), which ensures you do not expose database access passwords in the code.
Even though we went to great lengths to supply a secure production environment, we are aware there are known security problems with some PHP functions. The dl() function, for instance, was disabled to prevent internal attacks on the Web server. Other useful functions were not disabled, but can cause problems. Such behaviors are monitored and lead to hosting account suspension.
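The explicit $_REQUEST read and the stripslashes() reversal described above, as an added example (it is not the host's esx.nomagic.php or any other code from this page). The function names and the sample input are constructed for illustration.

```php
<?php
// Added example: read request values explicitly and undo magic quotes once,
// so escaping can be applied per context at the point of use.

/** Reverse addslashes() on a string or nested array; keys are left as received. */
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

/** True only where the runtime still has magic quotes and they are enabled. */
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

/** Read one request parameter by name instead of relying on registered globals. */
function request_param(array $request, $name, $default = null, $quoted = null)
{
    if (!array_key_exists($name, $request)) {
        return $default;
    }
    if ($quoted === null) {
        $quoted = magic_quotes_active();
    }
    return $quoted ? undo_magic_quotes($request[$name]) : $request[$name];
}

// Constructed sample: the contents of $_REQUEST for ?var=O'Brien&tags[]=a"b
// on a server where magic quotes have already run addslashes() on the values.
$sample = array('var' => "O\\'Brien", 'tags' => array('a\\"b'));

$name = request_param($sample, 'var', '', true);
$tags = request_param($sample, 'tags', array(), true);

// Escape for the context where the value is used (HTML output here).
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars($tags[0], ENT_QUOTES, 'UTF-8'), "\n";
```

In a real script, pass $_REQUEST as the first argument and leave $quoted unset so the runtime setting is detected.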