[OWASP_PHPSEC] Couple of Questions on Code

rahul chaudhary rahul300chaudhary400 at gmail.com
Fri Jun 28 03:06:33 UTC 2013


ok....I understand now...but why sleep ??

and how to check if a variable such as "max_execution_time" inside php.ini
is set or not??


On Thu, Jun 27, 2013 at 1:52 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> Hi Azzeddine,
> Good to have you back on board.
> Rahul, what Azzeddine said is true. set_time_limit(0) means unlimited
> time, though it needs to be allowed by php.ini, so its better to check it
> somewhere and throw an exception if it is not supported.
>
> BandwidthLimits are means of limiting the speed visitors can download
> files at. For example if you're providing videos or music archives, you
> don't want them to be leeched and you don't want your server to be
> overwhelmed, so you put a limit of 512kbps per person per file. That means
> that a minimum of 2000 users can download files from your server if you're
> serving on a 1gbps connection.
>
> Since we don't want this limit to be enforced upon javascript and css
> files that actually form our web pages (yet are counted as static
> downloadable contents) we set a minimum size for enabling the limitation.
> For example for all files that are bigger than 1MB we set this limit and
> others are unlimited in bandwidth, so that our website doesnt look slow or
> problematic to the end user.
>
> Thanks
> -Abbas
> On Tir 6, 1392, at 9:35 PM, Azeddine Islam Mennouchi <
> azeddine.mennouchi at owasp.org> wrote:
>
> I do not have any knowledge about jframework
> but for the 2nd question it is totally on the contrary it will make an
> error goes away
> if any action you are doing can take more than the max_execution time you
> need to put set_time_limit(0) or you will Maximum execution time exceeded
> I think that $BandwidthLimitInitialSize is a bandwidth limitation (the
> amount of data that you read in one time)
> The rest I can't tell
>
> Regards Islam,
>
>
> On Thu, Jun 27, 2013 at 5:30 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
>> This is the code inside Feed in download.php inside jFramwork: Comments
>> are my questions:
>>
>> //Q1-> What does $BandwidthLimitInitialSize represents ???
>> if (self::$BandwidthLimitInitialSize>0 && $FileSize >
>> self::$BandwidthLimitInitialSize)
>>         {
>>             $f = fopen($File, "rb");
>>             fseek($f, $seek_start);
>>             set_time_limit(0);   // Q2->   Why is time set to 0. Would't
>> it trigger an error ???
>>             while (! feof($f))
>>             {
>>                 echo fread($f, self::$BandwidthLimitSpeed);
>>                 flush();
>>                 ob_flush(); //Q3->  You haven't done ob_Start() here but
>> still you are using ob_flush() ???
>>                 sleep(1);  //Q4->   Why sleep ???
>>             }
>>             fclose($f);
>>             return true;
>>         }
>>
>>
>> --
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
>>
>> _______________________________________________
>> OWASP_PHP_Security_Project mailing list
>> OWASP_PHP_Security_Project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>
>>
>
>
> --
> Islam Azeddine Mennouchi
> Consultant at NovaSup
> http://www.novasup.com/
> OWASP ALGERIA Chapter Leader
> phone n°: +213796314102
>  _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>
>
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130627/a8b52268/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list