php-general Digest 11 Jun 2013 17:16:09 -0000 Issue 8262
Topics (messages 321360 through 321368):

Re: Using Table prefixes
    321360 by: Julian Wanke
    321361 by: Tedd Sperling
    321362 by: Julian Wanke
    321367 by: Tamara Temple

basic authentication usage
    321363 by: Jim Giner
    321364 by: Julian Wanke
    321365 by: Jim Giner
    321366 by: Julian Wanke

htaccess to make html act as php suffixed files
    321368 by: Tedd Sperling
----------------------------------------------------------------------
--- Begin Message ---
Tell this to the Facebook, Google or NSA data team ^^

On 10.06.2013 at 16:15, Tedd Sperling <tedd.sperl...@gmail.com> wrote:

> On Jun 8, 2013, at 4:17 PM, Julian Wanke <jswp...@gmx.at> wrote:
>
>> A database for each client? Isn't that over-powered? If you have 1000
>> clients, you would lose the overview over your databases...
>
> What -- people have more than one client?!?
>
> My thoughts:
>
> A client is like a girlfriend -- if you have too many, things can get
> real ugly, real fast.
>
> If you have over 10 clients (let alone 1000), then you're probably
> overworked and not doing your best for each.
>
> My advice -- raise your rates until you narrow those clients down to a
> manageable size. Both you and your clients will be happier.
>
> At least, that's been my experience -- YMMV.
>
> Cheers,
>
> tedd
>
> _____________________
> tedd.sperl...@gmail.com
> http://sperling.com
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Hi:
I am sure they do not turn over a 1000 clients to a single person.
Cheers,
tedd
_____________________
tedd.sperl...@gmail.com
http://sperling.com
On Jun 10, 2013, at 2:11 PM, Julian Wanke <jswp...@gmx.at> wrote:
> Tell this to the Facebook, Google or NSA data team ^^
>
> On 10.06.2013 at 16:15, Tedd Sperling <tedd.sperl...@gmail.com> wrote:
>
>> On Jun 8, 2013, at 4:17 PM, Julian Wanke <jswp...@gmx.at> wrote:
>>
>>> A database for each client? Isn't that over-powered? If you have 1000
>>> clients, you would lose the overview over your databases...
>>
>> What -- people have more than one client?!?
>>
>> My thoughts:
>>
>> A client is like a girlfriend -- if you have too many, things can get real
>> ugly, real fast.
>>
>> If you have over 10 clients (let alone 1000), then you're probably
>> overworked and not doing your best for each.
>>
>> My advice -- raise your rates until you narrow those clients down to a
>> manageable size. Both you and your clients will be happier.
>>
>> At least, that's been my experience -- YMMV.
>>
>> Cheers,
>>
>> tedd
>>
>> _____________________
>> tedd.sperl...@gmail.com
>> http://sperling.com
--- End Message ---
--- Begin Message ---
Their servers are so well configured that they don't need much
maintenance.
Facebook has 1,11 Billion Accounts. If we divide this by 1000 members
per data team member they need 1 Million data team members, each of them
has a salary which I would say is about 2000$.
That means they have to pay 2 Billion US$ (!) per month to the data team
which is very unrealistic.
I know such great companies are a bad example but my opinion is that a
system should be as scalable as possible.
--- End Message ---
--- Begin Message ---
Julian Wanke <jswp...@gmx.at> wrote:
> Facebook has 1,11 Billion Accounts. If we divide this by 1000
> members per data team member they need 1 Million data team members,
> each of them has a salary which I would say is about 2000$.
> That means they have to pay 2 Billion US$ (!) per month to the data
> team which is very unrealistic.
I think, again, that people have *very* different concepts of what the
term 'client' means. I would never call Facebook's billion accounts
clients - they are users.
And, seriously, I think taking a concept to absurd lengths is just that,
absurd.
--- End Message ---
--- Begin Message ---
Trying to learn how this works for a simple security need I have.
Nothing serious, hence this experiment.
My code:
    if (!isset($_SERVER['PHP_AUTH_USER']))
    {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        echo '<h3>You have chosen not to signin<br><br>';
        echo "Click <a href='/index.php'>here</a> to go back to the menu";
        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
        unset($_ENV['PHP_AUTH_USER']);
        unset($_ENV['PHP_AUTH_PW']);
        exit;
    }
    else
    {
        echo "checking creds<br>";
        if ($_SERVER['PHP_AUTH_USER'] <> "validuser")
        {
            unset($_SERVER['PHP_AUTH_USER']);
            unset($_SERVER['PHP_AUTH_PW']);
            unset($_ENV['PHP_AUTH_USER']);
            unset($_ENV['PHP_AUTH_PW']);
            echo '<h3>You have entered invalid information.<br><br>';
            echo "Click <a href='/index.php'>here</a> to go back to the menu";
            exit();
        }
    }
    // (if we get here we have signed on)
    // (....continue on with script)
*******
My problem is trying to remove the invalid credentials (unsets) so that
when the user attempts to access the page again, the signin dialog gets
displayed. On my second attempt I always get the "invalid" path and
never get a chance to re-enter the credentials.
What am I missing (besides it's a lousy security solution)?
Can one NOT unset a SERVER variable? How does one get around that in
this case if so?
--- End Message ---
--- Begin Message ---
I think that the problem here is that the unset of the
$_SERVER["PHP_AUTH_USER"] variable is not affecting the client's browser.
If you've got a directory protection, the browser needs a restart to show
the login dialog before.
I may be wrong because I'm using forms normally but the authentication
cannot be reset so easily...
--- End Message ---
--- Begin Message ---
On 6/10/2013 4:33 PM, Julian Wanke wrote:
> I think that the problem here is that the unset of the
> $_SERVER["PHP_AUTH_USER"] variable is not affecting the client's browser.
> If you've got a directory protection, the browser needs a restart to
> show the login dialog before.
> I may be wrong because I'm using forms normally but the authentication
> cannot be reset so easily...

No - I think you misunderstood. I am NOT using directory protection,
hence my attempt at using this method.
--- End Message ---
--- Begin Message ---
I just mentioned that as an example.
For this authentication the server sends an Authorization header.
The client's browser requests the credentials from the user and saves them
in the RAM.
Now the client's browser sends the credentials to the server.
And what's important: The browser sends the credentials in each further
request from now on.
So the browser stores the username and password for the session in the RAM
and they can't be changed or deleted from the server's side.
In fact the authorization works similarly to cookies, with the difference
that cookies can be set server-side and the HTTP authorization can't.
That's the reason why you can't unset the invalid credentials: once entered,
the browser will send them in each request; it doesn't matter
what the server does.
I hope you understood what I mean...
--- End Message ---
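Since the browser keeps resending whatever credentials it has stored, the usual way to get the sign-in dialog back is to answer bad credentials with a fresh 401 challenge instead of calling unset(). The PHP script below is an added example, not code from the thread; the sample account, its password value and the helper names sample_users(), credentials_ok() and challenge() are assumptions.

```php
<?php
declare(strict_types=1);

const REALM = 'My Realm';

// Constructed sample account (assumption): a real site loads stored hashes instead.
function sample_users(): array
{
    return ['validuser' => password_hash('example-password', PASSWORD_DEFAULT)];
}

// True only when the user exists and the password verifies against its hash.
function credentials_ok(?string $user, ?string $pass, array $users): bool
{
    if ($user === null || $pass === null || !isset($users[$user])) {
        return false;
    }
    return password_verify($pass, $users[$user]);
}

// Send the Basic challenge. A 401 carrying WWW-Authenticate is the signal that
// makes the browser drop its cached credentials and show the dialog again.
function challenge(): void
{
    header('WWW-Authenticate: Basic realm="' . REALM . '"');
    http_response_code(401);
    // This body is shown only if the user cancels the dialog.
    echo '<h3>Sign-in required.</h3>';
    echo "Click <a href='/index.php'>here</a> to go back to the menu";
    exit;
}

$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pass = $_SERVER['PHP_AUTH_PW'] ?? null;

// Missing and wrong credentials take the same path: challenge again.
// unset() on $_SERVER only changes this request's copy of the values.
if (!credentials_ok($user, $pass, sample_users())) {
    challenge();
}

// Basic credentials travel base64-encoded with every request, so serve this over HTTPS.
echo 'Signed in as ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

Unlike the script in the question, this checks the password as well as the user name.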
--- Begin Message ---
Hi gang:
To get html pages to use php scripts, I've used:
    RewriteEngine on
    # handler for phpsuexec. -- this makes these prefixes considered for php
    <FilesMatch "\.(htm|html)$">
        SetHandler application/x-httpd-php
    </FilesMatch>
In a .htaccess file.
However, it works on one site, but not on another -- any ideas as to why?
Cheers,
tedd
_____________________
t...@sperling.com
http://sperling.com
--- End Message ---