The Linux Letter: Shedding Light on LAMP

Linux / Open Source
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

The "LAMP" phenomenon has been in the spotlight for a couple of years, yet many people don't really understand what it is. The acronym has been tossed around so much in varying contexts that its true meaning has become obscured. This month, we'll shine some light into the murky waters surrounding LAMP.

Whole Is Greater

Let's start with the short version: LAMP is an acronym for Linux, Apache, MySQL, and PHP. That's simple enough. Unfortunately, defining the acronym doesn't really do justice to the power that this combination represents. The whole is greater than the sum of the parts. Let's look at each component.

First, of course, is Linux. Anyone who calls himself a technology buff already knows about this. It's the free, powerful operating system that's causing the group from Redmond sleepless nights and bouts of heartburn. I'll revisit the operating system component shortly.

Next is Apache, the Web server that has more than a three-to-one lead over its nearest competitor, Microsoft's Internet Information Server (IIS). So powerful and feature-rich is this Web server that in the iSeries, IBM even replaced its custom Web server with a version of Apache that it ported over. Thus, the pedigree of the Apache product is not in doubt.

Perhaps a lesser-known component is the next: MySQL. MySQL is a lightening-fast DBMS produced by MySQL AB. While Linux and Apache have similar licenses (the former GPL and the latter the GPL-compatible Apache license), MySQL is one of those products that has a dual-licensing scheme. If you're using it for an open-source, GPLed application, you're free to use it at will. If you want to embed the DBMS into a proprietary product or your design, you can do so without obligating yourself to the terms of the GPL by purchasing a commercial license from MySQL AB.

The final component of LAMP is PHP, the server-side scripting language. PHP is simple to learn and is being adopted by many organizations for quickly creating dynamic Web sites. Anytime you go to a site and find a link to a page that ends in .php, you are experiencing the results of the language.

Bundled together, these four products comprise an extremely compelling Web platform that is available at no-to-low cost. As a bundle, they represent what can be, not what is. That is, LAMP provides the infrastructure necessary to build a dynamic Web site. It doesn't actually provide any content by itself. This is no big deal, though, given that virtually all of the content management systems (such as PostNuke) and other projects (such as DocMGR) provide the missing puzzle piece.

Variations

It's important to keep in mind that the products that make up the acronym aren't specific; the LAMP acronym applies to any combination of open-source OS, Web server, DBMS, and scripting language. If you want to substitute other open-source applications for the products that make up the acronym, you're more than welcome to do so. You'll still maintain the spirit of the acronym. Thus, Linux can be replaced with one of the other open-source *nix-like operating systems, such as FreeBSD. Apache runs on them all, so it could be replaced, but I'm not sure why you would want to do so. MySQL has a competitor that has been around a lot longer and is more feature-laden, PostgreSQL, which I wrote about last month. And PHP could just as easily be Perl or Ruby or any other of the popular scripting languages. Heck, you could just as easily substitute Windows for Linux, if you are more comfortable in that environment.

The variations on the theme are many. You do have to do a bit of research to determine the requirements of your desired project before picking the server. Some products, such as PostNuke, expect to use MySQL as a back-end database. DocMGR supports only PostgreSQL (because of the superior text-indexing of PG). Most projects use one or the other based on the original developers' familiarity with or bias toward. Newer projects are starting to get smarter and are separating the DB access layer from the code so that any DBMS can be plugged in. Me? I cover my bases by installing both DBMSs, which eliminates the hassle.

Assessing the Risk

While the benefits of LAMP are many (cheap and powerful being my top two choices), you do need to assess some risks. Most of them center around the use of the PHP language. Early in PHP's history, there existed many holes that nefarious crackers could exploit. These have slowly been corrected as the producers of the Linux distributions have set more-strict default configurations to preclude common attacks and as the authors of the various CMS packages have learned to write tighter, more-protected code. If you deploy a commonly available product, you can be assured that the script kiddies will start poking at your site to find vulnerabilities. The worst that I have ever been subjected to was defacement to a Web site. Quite frankly, I had overlooked updating the CMS software that powered the site. That taught me a lesson: Don't get caught falling behind on the security patches! You may forget, but the script kiddies won't.

Too Much Risk

Now that I've raised the alarm about security, you are probably wondering if you want to deploy LAMP at your location. For intranet sites, it's a no-brainer. The benefits are too great, and the risk is extremely low (at least, inside your protected network it should be). But for Internet-facing sites, the issue becomes more important. My advice is simple: Thoroughly investigate any software you are considering. Visit the project Web site and ensure that the pages are frequently updated (indicating an active project). Then, check CERT and the newsgroups for any telltale signs that all may not be well.

For what it's worth, I just recently noticed that my bank is using PHP on its Web site. Given the recent reports of identity theft caused by security issues at the various financial institutions, I'm not sure whether I should be worried or not. I can only hope that the bank's administrators are keeping up on the updates!

That's it for this month. Do yourself a favor and check out LAMP. If you have one of the common Linux distributions, everything you need will already be "in there" and ready for secure deployment. The price is right, and the performance can be outstanding.

Barry L. Kline is a consultant and has been developing software on various DEC and IBM midrange platforms for over 23 years. Barry discovered Linux back in the days when it was necessary to download diskette images and source code from the Internet. Since then, he has installed Linux on hundreds of machines, where it functions as servers and workstations in iSeries and Windows networks. He co-authored the book Understanding Linux Web Hosting with Don Denoncourt. Barry can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it..

BLOG COMMENTS POWERED BY DISQUS