Re: problem with register globals on new server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



""Richard Lynch"" <ceo@xxxxxxxxx> wrote in message 
news:2918.67.184.122.32.1165189075.squirrel@xxxxxxxxxxxxxxxx
> On Sun, December 3, 2006 5:22 am, Tony Marston wrote:
>>
>> ""Richard Lynch"" <ceo@xxxxxxxxx> wrote in message
>> news:63703.209.254.223.2.1165095595.squirrel@xxxxxxxxxxxxxxxx
>>> On Sat, December 2, 2006 5:31 am, Tony Marston wrote:
>>> I think it is quite possible for a sysAdmin to configure
>>> AllowOverride
>>> and .htaccess in such a way that "too much" latitude is granted to
>>> their clients to access each others' data...
>>
>> I disagree. What directives can give you access to other people's
>> data?
>
> I believe I once managed to track down a bit of data using
> FollowSymlink for a client that wasn't available otherwise.
>
> In our case, it was data they actually had a legal/moral right to see,
> but technical snafus were in the way.
>
> Presumably all the other combinations of AllowOverride are not there
> just for the sheer fun of complexity by the Apache team.
>
> I'm betting that at least some of them have security trade-offs in
> mind, and are not just about random features nor performance.
>
>>> And there is alleged to be a significant performance loss to
>>> .htaccess, so a hurried sysAdmin may have over-simplified their
>>> decision process...
>>
>> "Alleged" is the word. Where are the figures to support this? While
>> there is
>> "some" performance loss, with the speed of today;'s PCs can this
>> really be
>> considered as "significant"?
>
> I don't have benchmarks.
>
> Do you?

No, otherwise I would have quoted them. Generally speaking when people say 
that "X is inefficient or bad for performance" all they can prove is that if 
something extra is done then it takes extra processing time to perform that 
extra work, and they usually quote from an out-of-date source. While the 
time taken for Apace to process an htaccess file may have been significant 
on a 1Mhz processor it is barely noticeable on a 3Ghz processor.

If the time taken to process an htaccess file on one of today's processors 
adds 0.000001 seconds to a page's load time, would that be regarded as 
"significant"? Would this be a small price to pay for the advantage of being 
able to change Apache's configuration with an htaccess file?

-- 
Tony Marston
http://www.tonymarston.net
http://www.radicore.org 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux