Fwd: Re: [PHPLIB] Re: [PHP3] persistent data From: nicholas klem (nklem <email protected>)
Date: 03/30/00

On Thu, 30 Mar 2000, Gary Bickford wrote:
> I thought about this a little bit. I think one could fake the regsitration process
> by making a loop around the database insertion code, generating random or
> sequential usernames.

uhm, I don't quite get what you mean. :-)
If you use phplibs authentication classes you will have to generate both a
$user_id ($u_id) and a $password to match it. If you can do that, then yes,
we're hacked. If you manage to assign yourself with admin permissions we're
dead. But that should be _very_ difficult AFAIK.

nicholas
nklem <email protected>

>
> nicholas klem wrote:
>
> > On Wed, 29 Mar 2000, Sascha Schumann wrote:
> > > On Wed, Mar 29, 2000 at 07:13:23PM +0200, nicholas klem wrote:
> > > > On Wed, 29 Mar 2000, you wrote:
> > > > > > Yes, but how is this persistence implemented? Is there a
> > > > > > mechanism for preserving these variables in server memory?
> > > > >
> > > > > Not in server memory. While server side session management
> > > > > would be awesome, I don't know how feasible that would be.
> > > > > As of right now, the only way I know of to keep persistant data
> > > > > is through the use of client side cookies.
> > > >
> > > > I'm experimenting with phplib, and I strongly suspect that it is possible to
> > > > configure the class sessions to store itself and children in some kind of
> > > > shared machine-memory. The example configuration file comes like this:
> > > >
> > > > #class Example_CT_Shm extends CT_Shm {
> > > > # var $max_sessions = 500; ## number of maximum sessions
> > > > # var $shm_key = 0x123754; ## unique shm identifier
> > > > # var $shm_size = 64000; ## size of segment
> > > > #}
> > >
> > > As the author of ct_shm I strongly discourage people from running it
> > > on production servers. The way shared memory is handled by the shared
> > > memory module is far from being efficient. For example, if you store
> > > 1000 variables and delete the first one, the module will copy 999 variables
> > > including the variable data to avoid memory fragmentation.
> > >
> > Thanks! A good thing to know. Maybe we could balance the load between mysql and
> > CT_Shm and see which breaks first? Anyone know of good ways to stress-test mysql
> > and/or php? Could be fun. ;-)
> >
> > nicholas
> > nklem <email protected>
> > -
> > PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
> > To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
> > the body, not the subject, of your message.
>
> --
> "Cyber is cyber, life is life."
> Gary E Bickford mailto:garyb <email protected>
> FXT Corporation http://www.fxt.com/ tel:541-383-2749
> mail:PO BOX 1808, SISTERS OR 97759 ship:66265 JERICHO ROAD, BEND OR 97701
>
>
>
> -
> PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
> To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
> the body, not the subject, of your message.

-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
the body, not the subject, of your message.