DOCSLIB.ORG

F.3.2. XML External Entity (XXE) Attacks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
F.3.2. XML External Entity (XXE) Attacks Master Thesis Security Implications of DTD Attacks Against a Wide Range of XML Parsers Christopher Späth Date: 20.10.2015 Supervisor: Christian Mainka, Vladislav Mladenov, Jörg Schwenk Ruhr-University Bochum, Germany Chair for Network and Data Security Prof. Dr. Jörg Schwenk Homepage: www.nds.rub.de Abstract The Extensible Markup Language (XML) is extensively used today in applications, protocols and databases. It is platform independent and allows description and easy access to structured data. Technically, a parser processes an input XML document to translate a byte-stream into a structure that can be used by APIs in programming languages like Python, Java or PHP. DTDs (DTDs) enable the author of the XML document to describe the structure (grammar) of the XML document and therefore check the document for validity. Besides a validity check DTDs also introduce basics storage units, called entities. These are the cause of a series of vulnerabilities, which can be assigned to different classes. (1.) Denial-of-Service (DoS) attacks (billion laugh attack) force the parser to process an input XML document of several hundred bytes, which then expands its size during processing up to several tera- or petabytes of data. (2.) XML External En- tity (XXE) attacks aim to read arbitrary data on a server’s filesystem by only invoking the parsing process of an XML document. (3.) URL Invocation (URL Invocation) attacks use the parser to invoke a request on another system, which can be any system the server can access. This is highly problematic because an attacker may retrieve information about internal systems or misuse the server for Server Side Request Forgery Attacks. DoS and XXE were first discovered back in 2002, and so it is surprisingly that the at- tacks are still working more than a decade later, even for companies like Facebook [Sil], Google [det], SAP NetWeaver [erpa] and Mobile Platform [erpb], Apple Office Viewer [app], mediawiki [wik], Adobe [thr] and Samsung SmartTVs [NSMS15]. In this presentation we contribute a comprehensive security analysis of 27 XML parsers in six popular pro- gramming languages: Ruby, .NET, PHP, Java, Python, Perl. We identify each parser’s default behavior with regard to security relevant parsing features by using 16 core tests. These core tests address DoS (3 tests), XXE (5 tests), URL Invocation (6 tests), XML Inclusions (XInclude) (1 test) and Extensible Stylesheet Language Transformations (XSLT) (1 test). We compute a “base vulnerability score” from these test re- sults which is independent of the programming language and the parser. By extending these core tests with parser-specific tests, we investigate the implication of individual parser features and their interaction with one another on the overall security. This leads to an overall test set of more than 800 tests and on average 50 tests per parser. With this accumulated information we calculate another parser-dependant “extended vul- nerability score”. These two scores enable a party to quickly make a sound decision regarding the security of an XML parser. Using the results of individual tests, a party can identify problematic settings or appropriate countermeasures for specific parser configurations. Keywords: XML parsing, DoS, XXE, Parameter Entities, XInclude, URL Invocation Contents List of Figures............................................. xiii List of Tables............................................. xv Glossary xvii Acronyms 1 1. Introduction 2 1.1. Motivation............................................3 1.1.1. Topics Beyond the Scope................................4 2. Related Work 5 2.1. Existing Contributions.....................................5 2.2. Reported Attacks........................................6 2.3. Contribution and Motivation..................................6 3. XML Basics 7 3.1. XML Language Constructs...................................7 3.1.1. Documents.......................................8 3.1.2. Well-formedness....................................8 3.1.3. Validity.........................................9 3.1.4. Characters....................................... 10 3.1.5. Common Syntactic Constructs............................. 10 3.1.6. Character Data and Markup.............................. 11 3.1.7. Processing Instructions................................. 11 3.1.8. CDATA Sections.................................... 12 3.1.9. Prolog and Document Type Declaration........................ 12 3.1.10. Standalone Document Declaration........................... 14 3.1.11. Validating and Non-Validating Processors....................... 15 3.2. Logical Structure........................................ 16 3.2.1. Elements and Attributes................................ 16 3.2.2. Element Type Declarations............................... 18 3.2.3. Attribute-List Declarations............................... 19 Contents iv 3.3. Physical Structure........................................ 22 3.3.1. Character References.................................. 22 3.3.2. Internal General Entity................................. 23 3.3.3. External General Entity................................. 25 3.3.4. Internal Parameter Entity................................ 26 3.3.5. External Parameter Entity............................... 28 3.3.6. Unparsed Entity.................................... 30 3.4. Processing of Entities...................................... 32 3.4.1. Character Reference.................................. 33 3.4.2. Internal General Entity................................. 36 3.4.3. External General Entity................................. 39 3.4.4. Parameter Entities................................... 41 3.4.5. Unparsed Entities.................................... 46 3.5. XInclude............................................ 47 3.6. XSLT.............................................. 50 3.7. XML Parsing.......................................... 51 3.7.1. DOM.......................................... 51 3.7.2. SAX.......................................... 52 3.7.3. StAX Parser...................................... 56 4. Attacks 57 4.1. Denial-of-Service Attacks................................... 57 4.2. XML External Entity (XXE) Attacks.............................. 62 4.3. XXE Attacks Based on Parameter Entity............................ 64 4.3.1. Reading out arbitrary files............................... 64 4.3.2. Bypassing [WFC: No External Entity References].................. 67 4.3.3. XXE Out-of-Band Attacks............................... 70 4.3.4. XXE Out-of-Band Attacks - SchemaEntity...................... 74 4.4. URL Invocation Attacks.................................... 77 4.5. XInclude Attacks........................................ 79 4.6. XSLT Attacks.......................................... 81 5. Methodology 82 5.1. General............................................. 82 5.2. Denial-of-Service Methodology................................ 85 5.3. XML External Entity (XXE) Methodology........................... 87 5.4. XXE Based on Parameter Entities Methodology........................ 89 5.5. URL Invocation Methodology................................. 92 5.6. XInclude Methodology..................................... 97 Contents v 5.7. XSLT Methodology....................................... 98 6. Ruby 99 6.1. Installation and Setup...................................... 99 6.1.1. Installation Nokogiri.................................. 100 6.1.2. Network and Firewall.................................. 100 6.2. Overview of Parsers....................................... 100 6.3. REXML............................................. 101 6.3.1. Introduction to REXML................................ 101 6.3.2. Available Settings of REXML............................. 102 6.3.3. Impact......................................... 106 6.4. Nokogiri............................................. 109 6.4.1. Introduction to Nokogiri................................ 109 6.4.2. Available Settings of Nokogiri............................. 111 6.4.3. Impact......................................... 112 6.5. Impact of all Ruby Parsers................................... 116 7. Python 118 7.1. Installation and Setup...................................... 118 7.1.1. Installation Requests.................................. 118 7.1.2. Installation Defusedxml................................ 119 7.1.3. Installation lxml.................................... 119 7.1.4. Network and Firewall.................................. 120 7.2. Overview of Parsers....................................... 120 7.3. Etree............................................... 121 7.3.1. Introduction to etree.................................. 121 7.3.2. Available Settings of etree............................... 122 7.3.3. Impact......................................... 124 7.4. minidom............................................. 126 7.4.1. Introduction to minidom................................ 126 7.4.2. Available Settings of minidom............................. 127 7.4.3. Impact......................................... 128 7.5. xml.sax............................................. 130 7.5.1. Introduction to xml.sax................................. 130 7.5.2. Available Settings of xml.sax.............................. 131 7.5.3. Impact......................................... 132 7.6. pulldom............................................. 135 7.6.1. Introduction to pulldom................................ 135 7.6.2. Available Settings of pulldom............................. 136 Contents vi
Load more

Recommended publications
  • Cakephp Cookbook Documentation Release 4.X
    CakePHP Cookbook Documentation Release 4.x Cake Software Foundation Sep 25, 2021 Contents 1 CakePHP at a Glance 1 Conventions Over Configuration........................................1 The Model Layer................................................1 The View Layer.................................................2 The Controller Layer..............................................2 CakePHP Request Cycle............................................3 Just the Start...................................................4 Additional Reading...............................................4 2 Quick Start Guide 13 Content Management Tutorial......................................... 13 CMS Tutorial - Creating the Database..................................... 15 CMS Tutorial - Creating the Articles Controller................................ 19 3 4.0 Migration Guide 29 Deprecated Features Removed......................................... 29 Deprecations.................................................. 29 Breaking Changes................................................ 31 New Features.................................................. 37 4 Tutorials & Examples 41 Content Management Tutorial......................................... 41 CMS Tutorial - Creating the Database..................................... 43 CMS Tutorial - Creating the Articles Controller................................ 47 CMS Tutorial - Tags and Users......................................... 56 CMS Tutorial - Authentication......................................... 64 CMS Tutorial - Authorization.........................................
    [Show full text]
  • Complete PHP Secrets & Tips for Professionals
    PHP CompleteComplete Tips & Secrets for Professionals TipsPHP & Secrets for Professionals 300+ pages of professional hints and tricks Disclaimer This is an unocial free book created for educational purposes and is GoalKicker.com not aliated with ocial PHP group(s) or company(s). Free Programming Books All trademarks and registered trademarks are the property of their respective owners Contents About ................................................................................................................................................................................... 1 Chapter 1: Getting started with PHP ................................................................................................................... 2 Section 1.1: HTML output from web server .................................................................................................................. 2 Section 1.2: Hello, World! ............................................................................................................................................... 3 Section 1.3: Non-HTML output from web server ........................................................................................................ 3 Section 1.4: PHP built-in server ..................................................................................................................................... 4 Section 1.5: PHP CLI ......................................................................................................................................................
    [Show full text]
  • Sethesaurus: Wordnet in Software Engineering
    This is the author's version of an article that has been published in this journal. Changes were made to this version by the publisher prior to publication. The final version of record is available at http://dx.doi.org/10.1109/TSE.2019.2940439 IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 14, NO. 8, AUGUST 2015 1 SEthesaurus: WordNet in Software Engineering Xiang Chen, Member, IEEE, Chunyang Chen, Member, IEEE, Dun Zhang, and Zhenchang Xing, Member, IEEE, Abstract—Informal discussions on social platforms (e.g., Stack Overflow, CodeProject) have accumulated a large body of programming knowledge in the form of natural language text. Natural language process (NLP) techniques can be utilized to harvest this knowledge base for software engineering tasks. However, consistent vocabulary for a concept is essential to make an effective use of these NLP techniques. Unfortunately, the same concepts are often intentionally or accidentally mentioned in many different morphological forms (such as abbreviations, synonyms and misspellings) in informal discussions. Existing techniques to deal with such morphological forms are either designed for general English or mainly resort to domain-specific lexical rules. A thesaurus, which contains software-specific terms and commonly-used morphological forms, is desirable to perform normalization for software engineering text. However, constructing this thesaurus in a manual way is a challenge task. In this paper, we propose an automatic unsupervised approach to build such a thesaurus. In particular, we first identify software-specific terms by utilizing a software-specific corpus (e.g., Stack Overflow) and a general corpus (e.g., Wikipedia). Then we infer morphological forms of software-specific terms by combining distributed word semantics, domain-specific lexical rules and transformations.
    [Show full text]
  • Tsuru Documentation Release 1.6.2
    tsuru Documentation Release 1.6.2 tsuru Oct 04, 2018 Contents 1 Understanding 3 1.1 Overview.................................................3 1.2 Concepts.................................................4 1.3 Architecture...............................................5 2 Installing 7 2.1 tsuru Installer...............................................7 2.2 Installing tsuru components....................................... 12 3 Managing 21 3.1 Installing platforms............................................ 21 3.2 Creating a platform............................................ 22 3.3 Using Pools................................................ 23 3.4 Provisioners............................................... 25 3.5 Clusters.................................................. 26 3.6 Segregate Scheduler........................................... 27 3.7 Upgrading Docker............................................ 27 3.8 Managing Git repositories and SSH keys................................ 28 3.9 Managing users and permissions..................................... 28 3.10 Managing Application Logs....................................... 32 3.11 Debugging and Troubleshooting..................................... 33 3.12 Volumes................................................. 34 3.13 Event webhooks............................................. 35 4 Using 39 4.1 Installing tsuru client........................................... 39 4.2 Deploying................................................ 40 4.3 App-Deploy..............................................
    [Show full text]
  • Variables En PHP 5
    Manual Imprescindible de PHP5 Luis Miguel Cabezas Granado Prólogo de Zeev Suraski y Andi Gutmans ANAYA MULTIMEDIA Agradecimientos Finalizar este libro ha sido una odisea donde han intervenido muchas personas y factores, mudanza incluida. Para empezar me gustaría agradecer a Marta Camarero y a Eugenio Tuya su fe en mí como escritor. Me dieron ánimos desde el principio y un poquito de prisa. A Zeev Suraski y Andi Gutmans, creadores de PHP 5, por crear el lengua­ je y tratarme como a uno de los suyos en los ¿seminar de www.zend.com. Además, tengo que agradecerles la rapidez con la que escribieron el pró­ logo del libro. A Marco Tabini, director de la revista canadiense PHParchitect, por en­ viarme el manual de Certificación PHP en papel y no en PDF. A Tim Converse y Joyce Park por escribir PHP5 and MySQL Bible, cuyos conocimientos me bebí en apenas 3 días. A Harry Fuecks por escribir el mejor libro de PHP de todos los tiempos The PHP Anthology, que me hizo reorientar todos los esfuerzos a la inno­ vación. A la Asociación Regional de Universidades Populares de Extremadura (AUPEX) por probar todos mis programas escritos en PHP (libros de visita, foros, nccproject, newton, etcétera). Espero dar algún día con la tecla. A mis compañeros de trabajo Pako, Palomo, Javi y Pedro por las largas horas de discusión en torno a Delphi, Java, C# y, por supuesto, PHP. A Justo Cabezas, porque todo lo que me regaló fueron libros de informá­ tica, y encima escritos por él. Sigo tus pasos. A los grupos de usuario de gnuLinux de Extremadura www.sinuh.org y www.gulex.org, por ser una fuente inagotable de conocimientos.
    [Show full text]
  • Rmenu Raspberry PI 3B+ Rmenu 環境構築 Raspberry PI3B+ Rmenu
    RaspberryPi3-20190706 RaspberryPI3 Rmenu VPS Rmenu Raspberry PI 3B+ Rmenu 環境構築 Raspberry PI3B+ Rmenu development term 2019/07/06 1 目次 第1章 はじめに ................................................................................................................................... 4 第2章 構築作業、SD イメージ作成 ................................................................................................... 5 1. Raspbian Buster Lite を ダウンロード ......................................................................... 5 2. SD メモリカードフォーマッターを取得しインストール ................................................ 6 3. SD カードをフォーマットします ................................................................................... 8 4. img ファイルの書き込みプログラムのインストール...................................................... 9 5. img ファイルの書き込み ................................................................................................ 9 6. ssh ファイルの書き込み ............................................................................................... 10 7. SD カードを取り付け、電源を入れる .......................................................................... 11 第3章 最初のログイン ...................................................................................................................... 12 1. ルータが付与した IP アドレスへログイン ................................................................... 12 第4章 Linux raspberrypi 初期設定 ................................................................................................. 13 1. ログイン .....................................................................................................................
    [Show full text]
  • PHP: Zend for I5/OS
    Front cover PHP: Zend for i5/OS Learn how to install and administer Discover valuable development tips and advice Security, globalization, Zend Platform for i5/OS, and more! Gary Mullen-Schultz Melissa Anderson Vlatko Kosturjak ibm.com/redbooks International Technical Support Organization PHP: Zend for i5/OS January 2007 SG24-7327-00 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (January 2007) This edition applies to Version 1.0, Release 5.0, Modification 0.0 of Zend Core for i5/OS, Version 2.0, Release 1.0, Modification 2.0 of Zend Platform for i5/OS, and Version 5.0, Release 2.0, Modification 0.0 of Zend Studio for i5/OS. © Copyright International Business Machines Corporation 2007. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix The team that wrote this book . ix Become a published author . .x Comments welcome. .x Chapter 1. Welcome to PHP on i5/OS! . 1 1.1 Welcome! . 2 1.1.1 IBM and Zend Core. 2 1.1.2 Zend Core for IBM . 2 1.2 Previous support of PHP on i5/OS . 3 1.3 Current support of PHP on i5/OS . 3 1.3.1 Zend Core for i5/OS . 3 1.3.2 Zend Studio for i5/OS . 4 1.3.3 Zend Platform for i5/OS . 4 1.4 How i5 implementation differs from Zend Core.
    [Show full text]
  • PHP 5 Power Programming by Andi Gutmans, Stig Bakken, and Derick Rethans
    PHP 5 Content provided in partnership with Prentice Hall PTR, from the book PHP 5 Power Programming by Andi Gutmans, Stig Bakken, and Derick Rethans Introduction Following the huge success of its predecessors, PHP 5 brings many significant improvements to the most popular web scripting language on the globe. The book PHP 5 Power Programming, written by Stig Bakken, Derick Rethans, and myself, provides readers with an in-depth view of this new PHP version right from its source. The foundation of PHP 5 is the new Zend Engine II scripting engine, which not only features a completely new and feature rich object oriented paradigm, but also provides the infrastructure for other significant changes such as great improvements in PHP's support for XML technologies. This article gives you a very short overview of PHP 5 and what makes it so great. New OO Features The OO model of PHP 5 has been completely rewritten. Not only does the move from objects being native types to objects being handles give much more clarity on when objects are created, cloned, and destroyed, but it also allowed us to implement many new OO features which are common in traditional OO languages. There are far too many features to cover, but the following list gives you the highlights: • As mentioned, PHP objects are now based on handles, which allows for clear-cut object constructors, clone methods and destructors • The PHP object syntax can be completely overloaded by PHP extension authors, allowing the efficient implementation of important new features such as SimpleXML and the native SOAP extension, both of which are described later on • Both properties and methods support the common OO public/private/protected access modifiers (as well as final and static) • Abstract methods, abstract classes and interfaces • Exception handling ala try/throw/catch • Method return value de-referencing such as $obj->method1()->method2() This list is only the tip of the iceberg, and there are many more OO improvements, too numerous to cover in this short overview.
    [Show full text]
  • Building Blocks of a Scalable Web Crawler
    Building blocks of a scalable web crawler Marc Seeger Computer Science and Media Stuttgart Media University September 15, 2010 A Thesis Submitted in Fulfilment of the Requirements for a Degree of Master of Science in Computer Science and Media Primary thesis advisor: Prof. Walter Kriha Secondary thesis advisor: Dr. Dries Buytaert I I Abstract The purpose of this thesis was the investigation and implementation of a good architecture for collecting, analysing and managing website data on a scale of millions of domains. The final project is able to automatically collect data about websites and analyse the content management system they are using. To be able to do this efficiently, different possible storage back-ends were examined and a system was implemented that is able to gather and store data at a fast pace while still keeping it searchable. This thesis is a collection of the lessons learned while working on the project combined with the necessary knowledge that went into architectural decisions. It presents an overview of the different infrastructure possibilities and general approaches and as well as explaining the choices that have been made for the implemented system. II Acknowledgements I would like to thank Acquia and Dries Buytaert for allowing me to experience life in the USA while working on a great project. I would also like to thank Chris Brookins for showing me what agile project management is all about. Working at Acquia combined a great infrastructure and atmosphere with a pool of knowledgeable people. Both these things helped me immensely when trying to find and evaluate a matching architecture to this project.
    [Show full text]
  • Open Source Code Acknowledgements & Package List
    Open Source Code Acknowledgements & Package List Copyright © 2010 ‐ 2020 Spectra Logic Corporation. All rights reserved. This appendix contains the licenses and notices for open source software used in the product. If you have any questions or want to receive a copy of the free/open source software to which you are entitled under the applicable free/open source license(s) (such as the Common Development and Distribution License (CCDL)), contact Spectra Logic Technical Support. APACHE Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at: http://www.apache.org/licenses/LICENSE‐2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “A S IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. FREEBSD Copyright © 1992‐2020 The FreeBSD Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS ISʹʹ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
    [Show full text]
  • Open Source Licenses 1. Apache-2.0 2. BSD-2-Clause 3
    Open source licenses 1. Apache-2.0 2. BSD-2-Clause 3. BSD-3-Clause 4. BSL-1.0 5. CCPL 6. ISC 7. JSON 8. MIT 9. Zlib Please note, this list may be modified at any time. ------------------------------------------------------------------------------------------------------------------------------------------ Apache License, Version 2.0 adal-node version 0.1.28, Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. adbkit-apkreader version 3.1.2, Copyright © 2013 CyberAgent, Inc., Copyright © 2016 The OpenSTF Project addressable version 2.7.0, Copyright © Bob Aman AWSAPIGateway version 2.6.35, Copyright 2017 - 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. gson version 2.3.1, Copyright 2008 Google Inc. libphonenumber version 7.0.5, Copyright 2014 The Chromium Authors. All rights reserved. dagger version 2.5, Copyright 2012 The Dagger Authors retrofit1-okhttp3-client version 1.0.2, Copyright 2016 Jake Wharton commons-io version 2.5, Copyright 2002-2021 The Apache Software Foundation okhttp version 3.2.0, Copyright 2019 Square, Inc. okio version 1.6.0, Copyright 2013 Square, Inc. retrofit version 1.9.0, Copyright 2013 Square, Inc. detect-libc version 1.0.3, Copyright 2017 Lovell Fuller ecdsa-sig-formatter versions 1.0.9 and 1.0.11, Copyright 2015 D2L Corporation ejs version 2.5.7, EJS Embedded JavaScript templates copyright 2112 [email protected]. FirebaseAuth version 5.0.1, FirebaseCore version 5.0.4, [email protected], FirebaseInstanceID version 3.1.1, [email protected], Copyright 2018 Google LLC rxjava-async-util version 0.21.0, Copyright 2012 Netflix, Inc. rxjava-debug version 1.0.1, Copyright (c) 2016-present, RxJava Contributors.
    [Show full text]
  • PHP Optimization Using Hip Hop Virtual Machine Chaitali Tambe, Pramod Pawar, Dashrath Mane Vivekanand Education Society Institute of Technology, Chembur
    International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 4 Issue 6, June 2015 PHP Optimization Using Hip Hop Virtual Machine Chaitali Tambe, Pramod Pawar, Dashrath Mane Vivekanand education society institute of technology, Chembur Abstract— HipHop compiler is PHP based compiler created facebook.com. PHP applications that were developed by facebook in order to optimize the php code and save using HipHop terminology resulted in increased speed of resources on the facebook server. HPHPc translates the php application. Several drawbacks of standalone php code into executable c++ code. Later facebook realized that applications were eliminated by using HPHPc, one of HPHPc had some snags which included resource consumption and parallel maintenance of HPHP and which was performance. HPHPi. In order to overcome the drawbacks of HPHPc A. Limitation of HPHPc: HipHop virtual machine was developed in 2011 which is a process virtual machine based on just-in-time (JIT) HPHPc did not fully support the PHP language, compilation, serving as an execution engine for PHP and including the create_function() and eval() Hack programming languages. HHVM provides complete constructs. support for the entire PHP language. This paper shows how HHVM is superior to other compilers like PHP, PHP 7 It involved a specific time and resource consuming and how various framework uses HHVM to optimize deployment process that required a bigger than php. In addition the lock-down approach shows the 1 GB binary to be compiled and distributed to behavior of each framework with hhvm and show how many servers in short orders. performance optimization can be obtained for heavy In addition, maintaining HPHPc and HPHPi in websites.
    [Show full text]