Stut wrote: >> Make any PHP-based script available without usage-restriction, and >> you've got yourself a DDOS potential. Using exec() doesn't change >> anything. > > I would argue that it makes it easier since creating and tearing down > processes is a pretty expensive operation for most OS's, but like I > said you're free to do whatever you want with your servers and > clients. I don't know about most OS'es, but "creating and tearing down processes" is very cheap on Linux. The fork() call takes very few resources (copy-on-write etc.) If you subsequently load another binary using execv(), it could well turn into a "pretty expensive operation", but that's up to you. If you're the target of a DOS attack, I would venture a guess and say your Apache server is dead long before exec() would have a chance to exacerbate the problem. Regardless, the OP was after delivering large files compressed chunk by chunk - I really do not see a security issue in using gzip for that, but I still like Andre Robinets solution better. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
