On Mon, March 19, 2007 1:46 pm, Manuel Vacelet wrote: > 2007/3/19, Richard Lynch <ceo@xxxxxxxxx>: >> On Mon, March 19, 2007 12:46 pm, Manuel Vacelet wrote: >> > I would like to know if there is some common patterns to "out >> source" >> > the files served by a LAMP stack. >> > >> > Technicaly speaking I would like to store my files (application >> data) >> > on another machine than the one that runs my PHP app. (as I >> already do >> > with MySql). >> > >> > The best would be to use a secure connexion between my app. server >> and >> > the storage one (communication can be tunneled in SSH though). >> >> For a media rich site, it's super common to move the images (or >> other >> large-size files) off to a different server, with the hard drives >> and >> OS tuned for large files. (Or for small files, if they are, say, >> email bodies or somesuch.) >> >> This works especially well for content that is acquired by the >> visitor >> through a separate HTTP request anyway. >> >> What sort of application data are you looking at, though?... > > Ooops, forgot to precise my request ;) > > I don't want the user to perform a direct connexion to another server. > It's not a matter of performances but security. > > It's often recommended in some security guidelines to not store > application data on the same server than the one that runs the > application (for instance to avoid a apache or php failure expose your > files directly to anyone, or to let user execute a file she uploaded > thanks to another hole in another software). > > This is already possible with any DB to have a second server and to > connect to this server through an SSL tunnel. I would like to have the > same approach for all the files not in the DB. > > Note: obviously, there are security concerns in my request and there > are access rights on the files. > > I hope this clarify my needs. One common pattern in PHP is to not put the file in the web tree at all, and write a PHP script with 'readfile' (or fopen/fread/echo loop for larger files). You can then control access to the file, and log any kind of stats you need about accessing the file. Once you have that, then you can also put the files on some other server, and use URL fopen to read them, if you like. I've done that for one site where a webhost a like has limited hard drive space, and have made it appear as if a Terabyte of music is available on a 500 meg site. Or you could use PHP ftp functions to shuffle them around. Or, if you like, I suppose you could exec scp or something. It depends more on what you are trying to secure, and why, than it does on any sort of general principle, really... And just personal preference on how to do this sort of thing... And your performance needs are a big factor, sometimes. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
