Patrick Kerrigan

Blog

Instrumenting PHP apps with AWS X-Ray

by Patrick Kerrigan, . Tags: Php Web Performance Aws

AWS X-Ray is an application monitoring tool by Amazon Web Services that allows you to get an insight into how your applications are performing in production. It also allows you to see how your applications interact with each other, with external services, and with some of AWS' own services. All that's required is to add some instrumentation code at key points in your application. Despite lack of official support, it can be used with PHP.

PHP Opcache file cache

by Patrick Kerrigan, . Tags: Php Web Performance

Opcache is one of PHP's most powerful tools when it comes to performance. With the release of PHP 7 it received a new feature which has gone largely un-noticed: the file cache. Depending on your hosting environment and/or traffic levels the file cache may be able to help squeeze even more performance out of PHP.

PHP performance optimisation quick wins

by Patrick Kerrigan, . Tags: Php Web Performance

PHP apps can easily begin to slow down over time as they grow, and with the recent patches for the Meltdown vulnerability adding a performance penalty to many workloads this slowdown can be amplified. Often there are some simple changes that can be made in order to see a measurable performance improvement for production workloads.

Chrome XSS Auditor and HTML editors

by Patrick Kerrigan, . Tags: Security Web

Chrome, along with Edge, Opera and Safari, has built in support for detecting and preventing Cross Site Scripting (XSS) attacks. This works well as a safety net to protect users when websites fail to protect themselves from such attacks, but can cause issues with applications which allow users to post HTML in forms. This shows in chrome as an error page with the text "ERR_BLOCKED_BY_XSS_AUDITOR" and can be quite intimidating for users trying to perform a legitimate operation.

SVG and Content Security Policy in Edge

by Patrick Kerrigan, . Tags: Security Bugs

Recently I've been trying to make some improvements to sites that I'm ivolved with, particularly converting images to SVG format and implementing HTTP Content Security Policy (more to come on those later). While doing so I ran into a strange issue to do with how Microsoft Edge handles the combination of these two technologies which only seems to be documented in an Edge bug report.
Older posts