Re: [PHP] problem with register globals on new server
On Mon, December 4, 2006 4:53 am, Tony Marston wrote: No, otherwise I would have quoted them. Generally speaking when people say that X is inefficient or bad for performance all they can prove is that if something extra is done then it takes extra processing time to perform that extra work, and they usually quote from an out-of-date source. While the time taken for Apace to process an htaccess file may have been significant on a 1Mhz processor it is barely noticeable on a 3Ghz processor. If the time taken to process an htaccess file on one of today's processors adds 0.01 seconds to a page's load time, would that be regarded as significant? Would this be a small price to pay for the advantage of being able to change Apache's configuration with an htaccess file? The time to process the .htaccess file is chump-change. The time to do the fstat calls and disk seeks on EVERY PAGE HIT in each sub-directory to find and load any .htaccess files that MIGHT be there, and MIGHT have changed is not chump-change, almost for sure, to this day. Disk I/O is still relatively expensive. Feel free to find or create some benchmarks if you wish to disprove this oft-quoted myth. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with register globals on new server
Richard Lynch [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Sun, December 3, 2006 5:22 am, Tony Marston wrote: Richard Lynch [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Sat, December 2, 2006 5:31 am, Tony Marston wrote: I think it is quite possible for a sysAdmin to configure AllowOverride and .htaccess in such a way that too much latitude is granted to their clients to access each others' data... I disagree. What directives can give you access to other people's data? I believe I once managed to track down a bit of data using FollowSymlink for a client that wasn't available otherwise. In our case, it was data they actually had a legal/moral right to see, but technical snafus were in the way. Presumably all the other combinations of AllowOverride are not there just for the sheer fun of complexity by the Apache team. I'm betting that at least some of them have security trade-offs in mind, and are not just about random features nor performance. And there is alleged to be a significant performance loss to .htaccess, so a hurried sysAdmin may have over-simplified their decision process... Alleged is the word. Where are the figures to support this? While there is some performance loss, with the speed of today;'s PCs can this really be considered as significant? I don't have benchmarks. Do you? No, otherwise I would have quoted them. Generally speaking when people say that X is inefficient or bad for performance all they can prove is that if something extra is done then it takes extra processing time to perform that extra work, and they usually quote from an out-of-date source. While the time taken for Apace to process an htaccess file may have been significant on a 1Mhz processor it is barely noticeable on a 3Ghz processor. If the time taken to process an htaccess file on one of today's processors adds 0.01 seconds to a page's load time, would that be regarded as significant? Would this be a small price to pay for the advantage of being able to change Apache's configuration with an htaccess file? -- Tony Marston http://www.tonymarston.net http://www.radicore.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with register globals on new server
Tony Marston wrote: Richard Lynch [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Sun, December 3, 2006 5:22 am, Tony Marston wrote: Richard Lynch [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Sat, December 2, 2006 5:31 am, Tony Marston wrote: I think it is quite possible for a sysAdmin to configure AllowOverride and .htaccess in such a way that too much latitude is granted to their clients to access each others' data... I disagree. What directives can give you access to other people's data? I believe I once managed to track down a bit of data using FollowSymlink for a client that wasn't available otherwise. In our case, it was data they actually had a legal/moral right to see, but technical snafus were in the way. Presumably all the other combinations of AllowOverride are not there just for the sheer fun of complexity by the Apache team. I'm betting that at least some of them have security trade-offs in mind, and are not just about random features nor performance. And there is alleged to be a significant performance loss to .htaccess, so a hurried sysAdmin may have over-simplified their decision process... Alleged is the word. Where are the figures to support this? While there is some performance loss, with the speed of today;'s PCs can this really be considered as significant? I don't have benchmarks. Do you? No, otherwise I would have quoted them. Generally speaking when people say that X is inefficient or bad for performance all they can prove is that if something extra is done then it takes extra processing time to perform that extra work, and they usually quote from an out-of-date source. While the time taken for Apace to process an htaccess file may have been significant on a 1Mhz processor it is barely noticeable on a 3Ghz processor. If the time taken to process an htaccess file on one of today's processors adds 0.01 seconds to a page's load time, would that be regarded as significant? Would this be a small price to pay for the advantage of being able to change Apache's configuration with an htaccess file? It would depend on your site as well. If you have a lot of directories, apache has to go from the bottom to the top of the site to see if there are any htaccess files along the way.. Whether that causes a noticeable performance difference I doubt it (but then again I'd argue that a site with a huge directory structure would need a bit of a redesign anyway). -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with register globals on new server
Richard Lynch [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Sat, December 2, 2006 5:31 am, Tony Marston wrote: If you site administrator thinks that using an htaccess file is a security issue then he is very much mistaken. The directives in an htaccess file DO NOT enable you to access any one else's data on a shared server. All they do is apply additional settings to your own site while leaving UNTOUCHED the settings being used by other sites. Most professional web hosting companies do not have an issue with htaccess files, so if yours does I would suggest switching to one with a more professional attuitude. I think it is quite possible for a sysAdmin to configure AllowOverride and .htaccess in such a way that too much latitude is granted to their clients to access each others' data... I disagree. What directives can give you access to other people's data? And there is alleged to be a significant performance loss to .htaccess, so a hurried sysAdmin may have over-simplified their decision process... Alleged is the word. Where are the figures to support this? While there is some performance loss, with the speed of today;'s PCs can this really be considered as significant? At any rate, if you need .htaccess, and they don't want to provide it, there are a few thousand webhosts that do. Exactly. So it canno be that much of a problem. I certainly wouldn't sign up with a host that didn't provide it, and would move to one that did ASAP if I found myself using one that didn't provide that. I agree absolutely. -- Tony Marston http://www.tonymarston.net http://www.radicore.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with register globals on new server
On Sun, December 3, 2006 5:22 am, Tony Marston wrote: Richard Lynch [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Sat, December 2, 2006 5:31 am, Tony Marston wrote: I think it is quite possible for a sysAdmin to configure AllowOverride and .htaccess in such a way that too much latitude is granted to their clients to access each others' data... I disagree. What directives can give you access to other people's data? I believe I once managed to track down a bit of data using FollowSymlink for a client that wasn't available otherwise. In our case, it was data they actually had a legal/moral right to see, but technical snafus were in the way. Presumably all the other combinations of AllowOverride are not there just for the sheer fun of complexity by the Apache team. I'm betting that at least some of them have security trade-offs in mind, and are not just about random features nor performance. And there is alleged to be a significant performance loss to .htaccess, so a hurried sysAdmin may have over-simplified their decision process... Alleged is the word. Where are the figures to support this? While there is some performance loss, with the speed of today;'s PCs can this really be considered as significant? I don't have benchmarks. Do you? -- Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with register globals on new server
[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: hi, I had to move my osComerce store to new hosting company. new server runs on php5/mysql5. got this error: FATAL ERROR: register_globals is disabled in php.ini, please enable it! since evenon old server globals was Off I was adding ifModule mod_php4.c php_value register_globals 1 /ifModule Now, I tried with ifModule mod_php5.c php_value register_globals On /ifModule but it doesn't work. Maybe your host doesn't allow it to be changed through a htaccess.. Is htaccess support enabled? Put garbage in the file (random chars) and if you get a 500 internal server error, htaccess files work.. if you don't, that's the problem. yup! that was the problem. though, after I talked to administrator, he is not happy to reconfigure Apache to allow .htaccess because of security issue. Is this REALLY so big issue? If you site administrator thinks that using an htaccess file is a security issue then he is very much mistaken. The directives in an htaccess file DO NOT enable you to access any one else's data on a shared server. All they do is apply additional settings to your own site while leaving UNTOUCHED the settings being used by other sites. Most professional web hosting companies do not have an issue with htaccess files, so if yours does I would suggest switching to one with a more professional attuitude. -- Tony Marston http://www.tonymarston.net http://www.radicore.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with register globals on new server
On Sat, December 2, 2006 5:31 am, Tony Marston wrote: If you site administrator thinks that using an htaccess file is a security issue then he is very much mistaken. The directives in an htaccess file DO NOT enable you to access any one else's data on a shared server. All they do is apply additional settings to your own site while leaving UNTOUCHED the settings being used by other sites. Most professional web hosting companies do not have an issue with htaccess files, so if yours does I would suggest switching to one with a more professional attuitude. I think it is quite possible for a sysAdmin to configure AllowOverride and .htaccess in such a way that too much latitude is granted to their clients to access each others' data... And there is alleged to be a significant performance loss to .htaccess, so a hurried sysAdmin may have over-simplified their decision process... At any rate, if you need .htaccess, and they don't want to provide it, there are a few thousand webhosts that do. I certainly wouldn't sign up with a host that didn't provide it, and would move to one that did ASAP if I found myself using one that didn't provide that. Actually, I'd settle for a way to schedule a push of an approved change into their httpd.conf (or include files thereof) for my site's VirtualHost directive, but I suppose that's a lot to ask of a host... :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with register globals on new server
[EMAIL PROTECTED] wrote: hi, I had to move my osComerce store to new hosting company. new server runs on php5/mysql5. got this error: FATAL ERROR: register_globals is disabled in php.ini, please enable it! since evenon old server globals was Off I was adding ifModule mod_php4.c php_value register_globals 1 /ifModule Now, I tried with ifModule mod_php5.c php_value register_globals On /ifModule but it doesn't work. Maybe your host doesn't allow it to be changed through a htaccess.. Is htaccess support enabled? Put garbage in the file (random chars) and if you get a 500 internal server error, htaccess files work.. if you don't, that's the problem. yup! that was the problem. though, after I talked to administrator, he is not happy to reconfigure Apache to allow .htaccess because of security issue. Is this REALLY so big issue? I have several osComerce carts and in some (most) of them I did some changes in code. Means, I have to move all carts to other shopping cart app and it's HUGE work?!? btw, any free cart that is well supported in php5/mysql5/apache2 and register globals off etc. to recomend? thanks. -afan Also I think apache is case sensitive: IfModule mod_php5.c ^ (not 100% sure but worth a try). -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with register globals on new server
[EMAIL PROTECTED] wrote: yup! that was the problem. snip btw, any free cart that is well supported in php5/mysql5/apache2 and register globals off etc. to recomend? thanks. -afan Well I would really be tempted to say, MINE ! Although it's still in a sick state alpha version right now ... It's been under development for 8 months now and aims primarily at handling large amounts of products imported for CSV files. Ie retrieving catalogs from distributors and handling all that in relatively automated way. I might be putting the project up under some free license at some point. All works with PHP 5 and register_globals Off. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] problem with register globals on new server
hi, I had to move my osComerce store to new hosting company. new server runs on php5/mysql5. got this error: FATAL ERROR: register_globals is disabled in php.ini, please enable it! since evenon old server globals was Off I was adding ifModule mod_php4.c php_value register_globals 1 /ifModule Now, I tried with ifModule mod_php5.c php_value register_globals On /ifModule but it doesn't work. any help will be appreciated. thanks -afan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with register globals on new server
[EMAIL PROTECTED] wrote: hi, I had to move my osComerce store to new hosting company. new server runs on php5/mysql5. got this error: FATAL ERROR: register_globals is disabled in php.ini, please enable it! since evenon old server globals was Off I was adding ifModule mod_php4.c php_value register_globals 1 /ifModule Now, I tried with ifModule mod_php5.c php_value register_globals On /ifModule but it doesn't work. Maybe your host doesn't allow it to be changed through a htaccess.. Is htaccess support enabled? Put garbage in the file (random chars) and if you get a 500 internal server error, htaccess files work.. if you don't, that's the problem. Also I think apache is case sensitive: IfModule mod_php5.c ^ (not 100% sure but worth a try). -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php