[OWASP_PHPSEC] FileLastModified ?

rahul chaudhary rahul300chaudhary400 at gmail.com
Tue Jun 25 18:08:58 UTC 2013


hmm...I also thought that...so I thought better ask you..:)


On Tue, Jun 25, 2013 at 2:07 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> But that puts a lot of load on the server, pretty unnecessary.
> -A
>
> On Tir 4, 1392, at 10:36 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
> After reading it looks like it uses hash value to check if file has been
> modified. The concept is same, its just that file checking is more
> stricter, so that no one can fool around by checking dates.
>
>
> On Tue, Jun 25, 2013 at 1:56 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>
>> I have never done it, search around to see if its necessary or not.
>> -A
>>
>> On Tir 4, 1392, at 9:51 PM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>>
>> IN my implementation of "file last modified", would you like to include
>> me the "ETag" header or should I leave it as it is.
>>
>>
>> On Tue, Jun 25, 2013 at 1:08 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>>
>>> These are sent by the browser in HTTP headers! Check a list of common
>>> headers and you will see.
>>> Everything starting with HTTP_* is a http header.
>>> -A
>>>
>>> On Tir 4, 1392, at 8:28 PM, rahul chaudhary <
>>> rahul300chaudhary400 at gmail.com> wrote:
>>>
>>> OK....I get the equality thing now...such a silly question it was ... :P
>>>
>>> Now tell me about the two server variables  HTTP_IF_MODIFIED_SINCE and HTTP_IF_NONE_MATCH.
>>> Do these server variables automatically gets set?
>>>
>>> Suppose if I maintain the server in company, what do I have to do to set
>>> these variables ?
>>>
>>>
>>> On Tue, Jun 25, 2013 at 4:29 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>>>
>>>> Feel free to IM me anytime you needed, thats why I'm there.
>>>>
>>>> This is the scenario:
>>>> You present a file to the browser, along with its last modification
>>>> time. Browser caches the file along with this time. Next time browser asks
>>>> for that file, it tells you that it has the version with that time, and you
>>>> check the time of your file again, and if its a match they already have it.
>>>>
>>>> You need to check if its exactly the same, because any older or newer
>>>> file you replace (you dont always put a newer file there, maybe you revert
>>>> it) should be replaced with the one browser has in cache.
>>>>
>>>> Thanks
>>>> -Abbas
>>>>
>>>> On Tir 4, 1392, at 4:48 AM, rahul chaudhary <
>>>> rahul300chaudhary400 at gmail.com> wrote:
>>>>
>>>> After reading lots of materials, I now understand the whole concept of
>>>> cache control in PHP. I also was able to understand your code and other
>>>> codes in the web to check if the page has been modified or not.
>>>>
>>>> 1) What I don't understand is where the server variables such as
>>>> HTTP_IF_MODIFIED_SINCE and HTTP_IF_NONE_MATCH are set. How do they work.
>>>> There is no proper documentation that I could find.
>>>>
>>>> 2) Also in the code, why equality is checked. Shouldn't you check if
>>>> some time is greater than the other, then send the new page, otherwise the
>>>> cached page will be used.
>>>> if ($if_modified_since == $gmdate_mod)
>>>>     {
>>>> if ($SendHeader) header("HTTP/1.0 304 Not Modified");
>>>> return false;
>>>>     }
>>>>
>>>> *I think we should IM. I am very unclear on these two matters.*
>>>>
>>>> --
>>>> Regards,
>>>> Rahul Chaudhary
>>>> Ph - 412-519-9634
>>>>  _______________________________________________
>>>> OWASP_PHP_Security_Project mailing list
>>>> OWASP_PHP_Security_Project at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Rahul Chaudhary
>>> Ph - 412-519-9634
>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
>>
>>
>>
>
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>
>
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130625/5a5e5e29/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list