[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security fix that started all this

Jason Rodrigues wrote:
On Friday 08 September 2006 16:07, Tony Fraser wrote:
On Fri, 2006-09-08 at 15:43 -0400, Christopher Murtagh wrote:
 The plan is to move all the files in users/ into a central database,
and the same for user modified templates and css. The advantages this
has are:

Templates in the db are tricky, because now we have to provide a way to load the templates into the DB. The time to test/edit/debug a template also increases, because of that extra step.

CSS in the database is bad because you lose the ability to let Apache handle it. If you serve it with a .cgi, that's a fork(), exec, load, compile, read data, send data. And you have to make sure you get the nuances like Content-type, content-length, and what not right. Even if you serve it w/ mod_perl, it's still much slower than letting apache handle it directly.

It would seem that instead we should have editing CSS/templates from the website->database but have a publish button that would call a procedure that pulls everything out of the database and publishes it to the filesystem.


Joshua D. Drake


Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
Ledger-smb-devel mailing list


   === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
   Providing the most comprehensive  PostgreSQL solutions since 1997