On Mon, May 13, 2002 at 09:04:36AM +0300, Marko Karppinen wrote:
I have been quite happy to have finally got rid of libtool on our links,
however! I'd much prefer committing the rest of your patch and waiting for
the first bug report about libtool-specific dependencies.
The problem is that
I added Net_DIME today to PEAR, it's a rough implementation of DIME.
It's quite unfinished/undocumented and not all the spec is in place on
it, but I thought I'd mention it since there's a few things I'd like to
do it it, and if anyone wants to jump in that would be very cool. I
haven't
Hi,
We want to move from Lotus notes to an web based application .In this
moving period we suffer from lotus funs ..To overcome this problem we thing
that a smooth movement should be fine ..Yesterday I have seen that lotus
notes functions in the manual ..Bu its written there 'There is no
We want to move from Lotus notes to an web based application .In this
moving period we suffer from lotus funs ..To overcome this
problem we thing
that a smooth movement should be fine ..Yesterday I have seen that lotus
notes functions in the manual ..Bu its written there 'There is no
Jason,
He has a point in the sense that it's trivially easy to starve a PHP based
web server from within, safe mode enabled or not. What you describe as the
automated way in which the web server will overcome this attack is not
realistic - pretty quickly, the web server would hit the maximum
Justin,
httpd-2.0 doesn't build with the stock libtool-1.4.2 either. So,
if you're using Apache 2.0, you're going to need a patched libtool
anyway. I'd imagine that binary distributions of httpd-2.0 will
include the patched libtool in its installbuilddir (whomever built
the binary needs a
At 11:42 13/05/2002, veins wrote:
He has a point in the sense that it's trivially easy to starve a PHP based
web server from within, safe mode enabled or not. What you describe as
the
automated way in which the web server will overcome this attack is not
realistic - pretty quickly, the
On 12 May 2002 23:42:21 +0200
Stig S. Bakken [EMAIL PROTECTED] wrote:
Well, as long as there is exec(2), there is a way. How many users do
Lycos Europe provide sandboxed PHP for?
heya,
We provide php for roughly 5 000 000 users, and it's growing everyday by 5000
approximately.
Chrooted
Not for every user, but you can at least chroot people away to the same
dir where they can not do local server hacks. I was _not_ suggesting
that you set up five million chroot environments. :-)
But, you said yourself that you bailed out on safe mode and went for a
cgi setup. So that means
IMHO this is the path we should pursue for PHP 5.0.
- Stig
On Mon, 2002-05-13 at 00:53, Shane Caraveo wrote:
FastCGI can provide the security needed in shared environments, without
loosing all the performance. I don't beleive it is fast as direct
server plugins, but there are other
Hi,
this looks really worse. In fact, that's the wort example
I've seen so far. This makes the code unmaintainable and
unreadable. What would the real world usage over a function
be? Also I don't think it's feasable to implement this with
the current engine. PHP is all
Hi,
This makes the code unmaintainable and
unreadable. What would the real world usage over a function
be?
I agree. Also the sample code he provided could be simply executed using
the eval command... i.e:
def(AAA, echo(\bla\);); //evaluate constant definition
and then calling it
I don't like safe mode and I don't use it on any of my systems and manage to
convince most of my customers not to use it either. However, I happen to
write distributable software written in PHP and had on more then 1 occassion
came across systems with safe_mode enabled. While writing the code
On May 13, 2002 04:42 am, veins wrote:
He has a point in the sense that it's trivially easy to starve a PHP
based web server from within, safe mode enabled or not. What you
describe as
the
automated way in which the web server will overcome this attack is not
realistic - pretty
Now you are really starting to stretch it. I am sure the ratio of
customers that have db backends are much smaller than general webhosting
customers
PHP is very commonly used with a database (MySQL). I'd venture to say that 70%
of people who actively use PHP use it with MySQL or another
I did a quick little profile of a lightly hit PHP server running a variety
of PHP apps such as IMP, Gallery and a couple of small MySQL-driven apps.
A semi-representative tiny snapshot of what I would consider normal usage
of PHP. I threw oprofile at it (oprofile.sourceforge.org) and here are
We already tried our best to optimize most of the functions that show up in
profiling. Not surprisingly, they are mostly the infrastructure functions...
What profiler are you using? If it's under Linux, chances are it's
*extremely* inaccurate. Profiling under Linux is horrible.
Zeev
At
I did specify the profiler on line 4 of the message. And it is a pretty
good one actually.
On Mon, 13 May 2002, Zeev Suraski wrote:
We already tried our best to optimize most of the functions that show up in
profiling. Not surprisingly, they are mostly the infrastructure functions...
What
The link you specified doesn't work (it's .net)... Nice touch on their part
on having a page that doesn't render under IE :)
Anyway, the important question is whether you're using it under Linux or
some other OS. Under Linux, unless it has some kernel module, it's going
to be horribly
oprofile only works under Linux and it is driven by a kernel module.
On Mon, 13 May 2002, Zeev Suraski wrote:
The link you specified doesn't work (it's .net)... Nice touch on their part
on having a page that doesn't render under IE :)
Anyway, the important question is whether you're using
Has anyone compilled a list describing which extensions are safe to use
when running php as a Apache-module under win2k?
I'm aware of the stability problems of the said setup and am currently
running PHP as cgi.
My current project is only dependent on mysql, but it would be nice to know
which
Would this be a good moment to re post this patch a 2nd time? :)
Diff'ed against the stable 4.2.0 source package.
Adds the same behavior as the CGI and ISAPI modules with regard to PATH_INFO
and PATH_TRANSLATED variables to the Apache 2 filter interface. If the user
does not specifically set
On Mon, May 13, 2002 at 08:57:35PM +0200, Daniel BODEA wrote:
Would this be a good moment to re post this patch a 2nd time? :)
Diff'ed against the stable 4.2.0 source package.
Adds the same behavior as the CGI and ISAPI modules with regard to PATH_INFO
and PATH_TRANSLATED variables to
1 - consistency with previous versions
2 - cgi behavior (like in mod_cgi)
D
- Original Message -
From: Aaron Bannert [EMAIL PROTECTED]
To: Daniel BODEA [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, May 13, 2002 9:01 PM
Subject: Re: [PHP-DEV] [PATCH] add PATH_INFO and
One More Thing, Justin :)
+MH_BUNDLE_FLAGS=`$APXS_BINDIR/apr-config --ldflags --link-ld --libs`
Could you give me a scenario where we might need something from --ldflags or
--link-ld? Wouldn't just the libs do? I'd rather not include something that
might override our choices on the link line.
Seriously though, if at this point, all the 'base code' of PHP is
certified, could it be possible to start a checklist of which modules have
been certified and which haven't?
The question is how one would certify an extension? You can't just look
at the code for 3 minutes and say, yup, this
At 12:01 PM -0700 5/13/02, Aaron Bannert wrote:
On Mon, May 13, 2002 at 08:57:35PM +0200, Daniel BODEA wrote:
Would this be a good moment to re post this patch a 2nd time? :)
Diff'ed against the stable 4.2.0 source package.
Adds the same behavior as the CGI and ISAPI modules with regard to
Hi,
while pondering around with #17185 I came about this little
issue here (trying to readfile an url which doesn't exist):
Given:
?
error_reporting(E_ALL);
$foo = readfile(http://guru.josefine.at/messanottaexist;);
var_dump($foo);
?
HEAD
On Mon, 2002-05-13 at 17:53, Zeev Suraski wrote:
The link you specified doesn't work (it's .net)... Nice touch on their part
on having a page that doesn't render under IE :)
Anyway, the important question is whether you're using it under Linux or
some other OS. Under Linux, unless it has
Well, zend_parse() is actually not always on top. I have run this thing
longer now and it currently looks like this: (reverse order)
001bdcd0 293 0.42199 init_op
00156c08 306 0.440713smart_str_appendl_ex
0019b484 334 0.481039php_strlcpy
001db788 337 0.48536
Yes, I do completely understand the problems in ensuring thread-safeness
... I've done it myself before for a secure system, where we had to scan
complete code for knowing what was thread-safe, and what wasn't.
Having to do that for multiple machines, is even worse, so I can definitely
At 23:59 13/05/2002, Stig S. Bakken wrote:
Seeing that the single most time-consuming function is zend_parse, it
would be interesting to see where the bottleneck moves when using
ZendAccelerator or another caching product. Did you try that setup with
NuMega's profiler?
It still stays in the
On Mon, May 13, 2002 at 10:41:16PM +0300, Marko Karppinen wrote:
One More Thing, Justin :)
+MH_BUNDLE_FLAGS=`$APXS_BINDIR/apr-config --ldflags --link-ld --libs`
Could you give me a scenario where we might need something from --ldflags or
--link-ld? Wouldn't just the libs do? I'd rather
On 13/05/02, Markus Fischer [EMAIL PROTECTED] wrote:
No idea what's wrong with 2)
Its the zval that holds the headers that's leaking.
The line I've marked with 'MARK 1' results in the 'Success'
phrase because errno is just zero. And as far as I could see
in
Hello all,
is there a set of tests and measurements that is available somewhere to check the
performance of PHP on a system, and how it compares to other systems? Couldn't find
anything public.
Fab.
As the subject says, can anyone give me a timeline estimate for full
usage (not experimental) of PHP within Apache 2.0?
I ask because I am the maintainer of a server that recently got LOADS of
hits, and was brought to it's knees (Hubble Space Telescope). We
managed through, but during
I don't see any chance that Apache2+PHP is production quality in a month.
There are simply too many new things for that to be the case. A bunch of
the 3rd-party libraries you can link into PHP may or may not be completely
threadsafe. We simply don't know yet. The Apache2 module itself has had
On Mon, May 13, 2002 at 02:19:42PM -0400, Eli White wrote:
As the subject says, can anyone give me a timeline estimate for full
usage (not experimental) of PHP within Apache 2.0?
I ask because I am the maintainer of a server that recently got LOADS of
hits, and was brought to it's knees
*cackle* Ok, and after I get fired for having to explain to my boss that
it was my fault that the server was down because I was playing with
experimental code, I'll have plenty of time to write you back about the
problems I encountered :)
Seriously though, if at this point, all the 'base
On Mon, May 13, 2002 at 03:23:17PM -0400, Eli White wrote:
*cackle* Ok, and after I get fired for having to explain to my boss that
it was my fault that the server was down because I was playing with
experimental code, I'll have plenty of time to write you back about the
problems I
At 01:00 PM 5/13/2002 -0700, Aaron Bannert wrote:
We would appreciate any feedback you could give, but if you are looking
for a committment on our part to some guarantee of code quality, I
suggest you review the license.
No, I wasn't ... I just initially wanted to know if there was any planned
At 5:05 PM -0400 13/5/02, Eli White wrote:
We strive to provide the best possible
experience for everyone, and knowingly breaking for someone, when we didn't
have to, is 'bad'. (bad use of government money too, at least seen as
such). So I can test on my spare server, load it myself as I see
On Mon, 13 May 2002, Cliff Woolley wrote:
Yes, this works. Someone with Zend karma please commit it.
Uhh, oops, it was already committed I guess. Hmph, wonder why cvs up
didn't give me the message I expected. Oh well, never mind. ;)
Thanks,
--Cliff
I tried to write PHP code interacting with Windows-based application.
function send_recv($ip, $port, $timeout, $QUERY)
{
$fp = fsockopen($ip, $port, $errno, $errstr, $timeout);
if (!$fp) return NULL;
fputs($fp, $QUERY);
$REPLY = fread($fp, 128);
while (!feof($fp)) {
$REPLY. =
Hello,
What's the exact protocol behind the announcements
list? Usually announcements get posted but not always.
Looking through news I see:
4.0.4
?
?
4.0.6 memory limit patch
a couple of php-gtk announcements
4.1.0
4.1.1
?
4.2.0
As you can see, a few are missing. I'm
Rasmus Lerdorf wrote:
Heh, I am certain that most ISPs admins are not subscribed to the
development list of every software they are running, monitoring such
lists would be near impossible due to large cumulative volume of email. I
am sure some IPSs will do exactly what you suggest and
PHP being a web server scripting language is a unique case, for example
consider that once apache 2.0 becomes stable, safe_mode will become
obsolete, on the other hand the situation described here will become quite
deadly if some sort of threaded mode is used. So FD limit would because
quite
Jason Greene wrote:
while(1) fopen(rand(), w);
After a few seconds depending on system speed system will run out of file
pointers. I am sure you can see how that would be BAD.
You are _extremely_ incorrect. The previously mentioned code would open
1 file descriptor repeatedly until
48 matches
Mail list logo