
Re: Template storage mechanism?



Hi Lee;


> We can load all the default templates into the db.  It would be
> trivial to do that.

Yes, but also not much use, IMO. It's about the same thing as storing
images as BLOB fields in a database as opposed to just dropping the images
into a directory as a jpg file and linking to it.

There are some differences though.  In general, if I put something
that the web server needs *write* access to on the filesystem, then I
have to assume that it could be compromised, either by a bug in our
software, or by a bug in other software running on the same web
server.  If we put it in the db, then the web server itself only has
permission to access the file based on the credentials of the
currently logged in user.  I suspect that there may be some serious
security gains if we can get to the point where the main application
doesn't need write access to the filesystem at all.

I don't actually think that all templates need to go in the db, just
the user editable ones.

One way or another, we have to have strong enforcement for HTML
templates and these need to be sufficiently strong to prevent other
web applications in the same server from being able to write to those
files.  The filesystem really isn't designed to do this,
unfortunately.

This would also not be a 'good thing' for performance if there are already
concerns over lsmb performance and the use of mod_perl.

Well, right now, the major performance concerns are in page load.
This can be an issue if you have to worry about the responsiveness of
an application for each line of a 100-line invoice you add.  On the
other hand, waiting an extra half-second for the template isn't the
same sort of workflow bottleneck.

As well, in a web environment, the field data would have to be pulled out,
saved as a file and then linked to in any case. Same thing for TeX. Ugly.

>> Another thing could be ancillary files - eg, for my consulting biz I have a
>> pdf file that I use as a watermark on my invoices, and our retail biz uses
>> png and eps files that we have our logo in - would those then be stored in
>> the db somehow, or will we always end up with some "stragglers" out on the
>> filesystem?

> Good question.  I don't know if that has been looked at.  See?  Peer
> review is good...

Another reason to stick with files. Uniformity.

I am more worried about being able to exploit loadable templates in
this way.  I think restricting access in the db and sanitizing the
template before it is saved (and the input before it is rendered) is
likely to be the easiest and most robust way to prevent arbitrary
malicious users from breaking into the application.

But I am open to other suggestions.

Best Wishes,
Chris Travers
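
A read-only audit of the filesystem write-access concern raised in the message above, added here as an example and not code from the thread or from the project: it lists which files and directories under a template directory a given web server account could modify. It checks classic POSIX mode bits only (no ACLs); the function names, the sample tree and the uid/gid values are constructed for illustration.

```python
import os
import stat
import tempfile


def can_write(st, uid, gids):
    """Classic POSIX mode-bit check; ACLs and capabilities are not considered."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_templates(root, uid, gids):
    """Return sorted paths (relative to root) that the account uid/gids can modify.

    Directories count: write access to a directory lets the account
    replace or rename the template files inside it.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in [None] + filenames:  # None stands for the directory itself
            path = dirpath if name is None else os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not what grants access
            if can_write(st, uid, set(gids)):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample tree; returns (root, owner_uid, file_gid)."""
    root = tempfile.mkdtemp()  # created with mode 0700
    os.mkdir(os.path.join(root, "custom"))
    modes = {"invoice.html": 0o644, "custom/invoice.html": 0o666, "custom/logo.png": 0o664}
    for rel, mode in modes.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "custom"), 0o777)
    st = os.lstat(os.path.join(root, "custom", "logo.png"))
    return root, st.st_uid, st.st_gid


if __name__ == "__main__":
    root, owner_uid, file_gid = build_sample_tree()
    # Hypothetical web server account: a different uid, not in the files' group.
    print(audit_templates(root, owner_uid + 1, [file_gid + 1]))
```

An empty result for the web server's account means the templates can only be changed by some other principal, which is the property the message argues for.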