skip to main content

kiesler.at
CommonHealthProblems
Immutable Page | Raw Text | Print View | History

Common Health Problems

this page tries to be a FAQ for common problems shown by the Health module. If you find out more, please edit it right in (using the "edit" link) or start a thread in my forums. Thank you.

caching

What it is: phpWebSite has the built-in capability of caching pages. This means, it takes the output of a module and stores it in a database table. As soon as someone does the same request, it fetches the result out of the database and shows it to the user

What it means for you: Is this good or bad? In most cases, this is actually not good. And that's why this setting is disabled in newer versions of phpWebSite by default. Why? Because accessing the database and looking for a cached copy means an additional overhead. As a result, your phpWebSite could actually perform worse than without caching.

memory_get_usage() not available

What it is: With memory_get_usage, scripts can find out, how much memory is actually eaten up by a given process. Health would like to find out, how much memory phpWebSite takes up in the current instance.

What it means for you: For some reason, your web hoster did not compile in the possibility of finding out the amount of allocated memory. This is not nice. I cannot think of a benefit of not putting it in. But it disables you to profile your phpWebSite installation.

open_basedir restriction

What it is: The open_basedir statement of php enables web hosters to secure php file access. Instead of relying on user / group / world privileges, there is an additional layer involved. if set, php scripts can only access directories enabled through open_basedir.

What it means for you: Usually nothing. If your phpWebSite path as well as your session directory is inside the open_basedir directories, you are all set.

register_globals()

What it is: Back in the days, when php was new, it was also rather insecure if used not properly. register_globals() was enabled by default, meaning that every get / post parameter would be mapped to a global variable. like http://www.kiesler.at/index.php?module=x would create the global variable $module and set it to the value "x".

What it means for you: This is very handy on the one side, because the programmer doesn't have to use constructs like $_POST['module'] to find out about post variables. But it's also a big security issue, because a skilled black-hat could overwrite vital variables of yours.

Please ask your webhost to disable this setting as fast as possible. Most application don't need it anymore and it is a security risk.


Last modified 2006-01-22 16:44 by rck