[OWASP_PHPSEC] FileLastModified ?

Abbas Naderi abiusx at owasp.org
Tue Jun 25 18:07:06 UTC 2013


But that puts a lot of load on the server, pretty unnecessary.
-A
On Tir 4, 1392, at 10:36 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> After reading it looks like it uses hash value to check if file has been modified. The concept is same, its just that file checking is more stricter, so that no one can fool around by checking dates.
> 
> 
> On Tue, Jun 25, 2013 at 1:56 PM, Abbas Naderi <abiusx at owasp.org> wrote:
> I have never done it, search around to see if its necessary or not.
> -A
> 
> On Tir 4, 1392, at 9:51 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> 
>> IN my implementation of "file last modified", would you like to include me the "ETag" header or should I leave it as it is.
>> 
>> 
>> On Tue, Jun 25, 2013 at 1:08 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>> These are sent by the browser in HTTP headers! Check a list of common headers and you will see.
>> Everything starting with HTTP_* is a http header.
>> -A
>> 
>> On Tir 4, 1392, at 8:28 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
>> 
>>> OK....I get the equality thing now...such a silly question it was ... :P
>>> 
>>> Now tell me about the two server variables  HTTP_IF_MODIFIED_SINCE and HTTP_IF_NONE_MATCH. Do these server variables automatically gets set?
>>> 
>>> Suppose if I maintain the server in company, what do I have to do to set these variables ?
>>> 
>>> 
>>> On Tue, Jun 25, 2013 at 4:29 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>>> Feel free to IM me anytime you needed, thats why I'm there.
>>> 
>>> This is the scenario:
>>> You present a file to the browser, along with its last modification time. Browser caches the file along with this time. Next time browser asks for that file, it tells you that it has the version with that time, and you check the time of your file again, and if its a match they already have it. 
>>> 
>>> You need to check if its exactly the same, because any older or newer file you replace (you dont always put a newer file there, maybe you revert it) should be replaced with the one browser has in cache.
>>> 
>>> Thanks
>>> -Abbas
>>> 
>>> On Tir 4, 1392, at 4:48 AM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
>>> 
>>>> After reading lots of materials, I now understand the whole concept of cache control in PHP. I also was able to understand your code and other codes in the web to check if the page has been modified or not.
>>>> 
>>>> 1) What I don't understand is where the server variables such as HTTP_IF_MODIFIED_SINCE and HTTP_IF_NONE_MATCH are set. How do they work. There is no proper documentation that I could find.
>>>> 
>>>> 2) Also in the code, why equality is checked. Shouldn't you check if some time is greater than the other, then send the new page, otherwise the cached page will be used.
>>>> if ($if_modified_since == $gmdate_mod)
>>>>     {
>>>> 	if ($SendHeader) header("HTTP/1.0 304 Not Modified");
>>>> 	return false;
>>>>     }
>>>> 
>>>> I think we should IM. I am very unclear on these two matters.
>>>> 
>>>> -- 
>>>> Regards,
>>>> Rahul Chaudhary
>>>> Ph - 412-519-9634
>>>> _______________________________________________
>>>> OWASP_PHP_Security_Project mailing list
>>>> OWASP_PHP_Security_Project at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> Regards,
>>> Rahul Chaudhary
>>> Ph - 412-519-9634
>> 
>> 
>> 
>> 
>> -- 
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
> 
> 
> 
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130625/a8de61b6/attachment-0001.html>


More information about the OWASP_PHP_Security_Project mailing list