
Re: Security fix that started all this



On 9/8/06, Jason Rodrigues <..hidden..> wrote:
On Friday 08 September 2006 16:07, Tony Fraser wrote:
> On Fri, 2006-09-08 at 15:43 -0400, Christopher Murtagh wrote:
> >  The plan is to move all the files in users/ into a central database,
> > and the same for user modified templates and css. The advantages this
> > has are:

Templates in the db are tricky, because now we have to provide a way to load
the templates into the DB.  The time to test/edit/debug a template also
increases, because of that extra step.

 Think of the db as a different file system, except this one is
standard across all platforms. fopen for reading becomes a select,
fopen for writing becomes an update. It's a bit more overhead, but
it's minor and even on the most modest of hardware it's not a huge
amount.

CSS in the database is bad because you lose the ability to let Apache handle
it.  If you serve it with a .cgi, that's a fork(), exec, load, compile, read
data, send data.  And you have to make sure you get the nuances like
Content-type, content-length, and what not right. Even if you serve it w/
mod_perl, it's still much slower than letting apache handle it directly.

Yes, but a difference between 50 milliseconds and .5 seconds is negligible
to a user sitting behind their browser (and I doubt it would be that
much of a difference). Serving css as a cgi has other advantages,
including tweaking the css depending on the http_user_agent. We did
the same thing for www.mcgill.ca, and it really helped keep display
logic (tweaking for browser oddities, etc) away from the core code and
allowed us to make the pages look the same in a lot of browsers.

Yes, again there is more overhead, but are these machines really being
taxed? I might be completely misjudging how this software is being
used, but I would imagine that in many cases it is a dedicated box for
the accounting software, in which case even a PIII could do this
without blinking. In the cases where the machine is doing other things
as well, again, it's a matter of scoping out the hardware for the job.
Are people running their installations on near capacity?

Cheers,

Chris
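
The two ideas argued over above (a database standing in for the users/ directory, where "fopen for reading becomes a select, fopen for writing becomes an update", and a CGI that serves CSS with the right Content-Type and Content-Length while tweaking it per User-Agent) as one added example. This is illustrative code written for this page, not code from the thread or from the project being discussed; the table name, the `login`/`name` columns, the `MSIE` rule and the sample template are all assumptions. It uses SQLite so it runs stand-alone; the queries are parameterized so the template name a user supplies never becomes part of the SQL text.

```python
"""Added example (not from the thread or the project): a template store
backed by a database instead of the users/ directory, plus a CGI-style
stylesheet responder. Table and column names are assumptions."""
import sqlite3


class TemplateStore:
    """One row per (login, template name); stands in for users/<login>/<name>."""

    def __init__(self, conn):
        self.conn = conn
        self.conn.execute(
            "CREATE TABLE IF NOT EXISTS templates ("
            " login TEXT NOT NULL,"
            " name  TEXT NOT NULL,"
            " body  TEXT NOT NULL,"
            " PRIMARY KEY (login, name))")
        self.conn.commit()

    def read(self, login, name):
        """fopen for reading becomes a SELECT. Bound parameters keep the
        user-chosen name out of the SQL text (no quoting mistakes possible)."""
        row = self.conn.execute(
            "SELECT body FROM templates WHERE login = ? AND name = ?",
            (login, name)).fetchone()
        return None if row is None else row[0]

    def write(self, login, name, body):
        """fopen for writing becomes an UPDATE (INSERT OR REPLACE covers
        the first write as well)."""
        self.conn.execute(
            "INSERT OR REPLACE INTO templates (login, name, body)"
            " VALUES (?, ?, ?)",
            (login, name, body))
        self.conn.commit()


def open_store(path=":memory:"):
    """Open (or create) the template database; in-memory by default."""
    return TemplateStore(sqlite3.connect(path))


def css_response(css, user_agent):
    """Build the bytes a CGI would write for a stylesheet: headers with
    Content-Type and an exact Content-Length, then the body. The MSIE
    rule is a made-up stand-in for the per-browser tweaks the thread
    describes."""
    if "MSIE" in user_agent:
        css += "\n/* IE-specific tweak (example rule) */\n#menu { zoom: 1; }\n"
    body = css.encode("utf-8")
    headers = (
        "Content-Type: text/css; charset=utf-8\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    ).encode("ascii")
    return headers + body


if __name__ == "__main__":
    store = open_store()
    # Constructed sample data, not from any real installation.
    store.write("alice", "invoice.html", "<h1>Invoice</h1>")
    print(store.read("alice", "invoice.html"))
    print(css_response("body { margin: 0; }",
                       "Mozilla/4.0 (compatible; MSIE 6.0)").decode())
```

The Content-Length is computed from the encoded body, not the source string, so a template containing non-ASCII text still gets the right length; that is the kind of nuance the objection above refers to.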