[OWASP_PHPSEC] Couple of Questions on Code

rahul chaudhary rahul300chaudhary400 at gmail.com
Fri Jun 28 03:50:31 UTC 2013


In your implementation of Feed, you specified seek_start and seek_end.

However, when you are returning the file, you are starting to read from
seek_start but are not specifying the end. So the whole data would be read
from seek_start, which is wrong, isn't it??

Because you must only read data till seek_end and no further.


On Thu, Jun 27, 2013 at 11:06 PM, rahul chaudhary <
rahul300chaudhary400 at gmail.com> wrote:

> ok....I understand now...but why sleep ??
>
> and how to check if a variable such as "max_execution_time" inside php.ini
> is set or not??
>
>
> On Thu, Jun 27, 2013 at 1:52 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>
>> Hi Azzeddine,
>> Good to have you back on board.
>> Rahul, what Azzeddine said is true. set_time_limit(0) means unlimited
>> time, though it needs to be allowed by php.ini, so it's better to check it
>> somewhere and throw an exception if it is not supported.
>>
>> BandwidthLimits are means of limiting the speed visitors can download
>> files at. For example if you're providing videos or music archives, you
>> don't want them to be leeched and you don't want your server to be
>> overwhelmed, so you put a limit of 512kbps per person per file. That means
>> that a minimum of 2000 users can download files from your server if you're
>> serving on a 1gbps connection.
>>
>> Since we don't want this limit to be enforced upon javascript and css
>> files that actually form our web pages (yet are counted as static
>> downloadable contents) we set a minimum size for enabling the limitation.
>> For example for all files that are bigger than 1MB we set this limit and
>> others are unlimited in bandwidth, so that our website doesn't look slow or
>> problematic to the end user.
>>
>> Thanks
>> -Abbas
>> On Tir 6, 1392, at 9:35 PM, Azeddine Islam Mennouchi <
>> azeddine.mennouchi at owasp.org> wrote:
>>
>> I do not have any knowledge about jframework
>> but for the 2nd question it is totally on the contrary, it will make an
>> error go away.
>> If any action you are doing can take more than the max_execution time you
>> need to put set_time_limit(0) or you will get "Maximum execution time exceeded".
>> I think that $BandwidthLimitInitialSize is a bandwidth limitation (the
>> amount of data that you read in one time)
>> The rest I can't tell
>>
>> Regards Islam,
>>
>>
>> On Thu, Jun 27, 2013 at 5:30 PM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>>
>>> This is the code inside Feed in download.php inside jFramework: Comments
>>> are my questions:
>>>
>>> //Q1-> What does $BandwidthLimitInitialSize represents ???
>>> if (self::$BandwidthLimitInitialSize>0 && $FileSize >
>>> self::$BandwidthLimitInitialSize)
>>>         {
>>>             $f = fopen($File, "rb");
>>>             fseek($f, $seek_start);
>>>             set_time_limit(0);   // Q2->   Why is time set to 0. Wouldn't it trigger an error ???
>>>             while (! feof($f))
>>>             {
>>>                 echo fread($f, self::$BandwidthLimitSpeed);
>>>                 flush();
>>>                 ob_flush(); //Q3->  You haven't done ob_start() here but still you are using ob_flush() ???
>>>                 sleep(1);  //Q4->   Why sleep ???
>>>             }
>>>             fclose($f);
>>>             return true;
>>>         }
>>>
>>>
>>> --
>>> Regards,
>>> Rahul Chaudhary
>>> Ph - 412-519-9634
>>>
>>> _______________________________________________
>>> OWASP_PHP_Security_Project mailing list
>>> OWASP_PHP_Security_Project at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>
>>>
>>
>>
>> --
>> Islam Azeddine Mennouchi
>> Consultant at NovaSup
>> http://www.novasup.com/
>> OWASP ALGERIA Chapter Leader
>> phone n°: +213796314102
>>
>>
>>
>
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>



-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
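
The points raised in this thread (stop reading at seek_end, check whether the time limit can be lifted, call ob_flush() only when a buffer is active, sleep between chunks to cap bandwidth), put together as an added example. This is not jFramework's code and not from any poster above; feedRange() and its parameters are hypothetical names, and the sample file is constructed.

```php
<?php
// Added example (not jFramework code); feedRange() and its parameters are hypothetical.
/** Send bytes $seekStart..$seekEnd (inclusive) of $path to stream $out; returns bytes sent. */
function feedRange(string $path, int $seekStart, int $seekEnd, int $bytesPerSecond, $out): int
{
    $size = filesize($path);
    if ($size === false || $bytesPerSecond < 1 || $seekStart < 0
        || $seekStart > $seekEnd || $seekStart >= $size) {
        throw new InvalidArgumentException('Unsatisfiable range');
    }
    $remaining = min($seekEnd, $size - 1) - $seekStart + 1;
    // ini_get() reports the effective max_execution_time ("0" means no limit).
    // set_time_limit() returns false when the limit cannot be changed.
    if ((int) ini_get('max_execution_time') !== 0 && !set_time_limit(0)) {
        throw new RuntimeException('max_execution_time cannot be lifted');
    }
    if (($f = fopen($path, 'rb')) === false) {
        throw new RuntimeException('Cannot open file');
    }
    fseek($f, $seekStart);
    $sent = 0;
    while ($remaining > 0 && !feof($f)) {
        // Never ask for more than what is left of the requested range.
        $chunk = fread($f, min($bytesPerSecond, $remaining));
        if ($chunk === false || $chunk === '') {
            break;
        }
        fwrite($out, $chunk);
        $sent += strlen($chunk);
        $remaining -= strlen($chunk);
        if (ob_get_level() > 0) {
            ob_flush();          // only valid while an output buffer is active
        }
        flush();
        if ($remaining > 0) {
            sleep(1);            // one chunk per second is the bandwidth cap
        }
    }
    fclose($f);
    return $sent;
}
// Constructed sample: 26-byte file, request bytes 5..9 at 3 bytes per second.
$tmp = tempnam(sys_get_temp_dir(), 'feed');
file_put_contents($tmp, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ');
$out = fopen('php://memory', 'w+b');
var_dump(feedRange($tmp, 5, 9, 3, $out));
rewind($out);
var_dump(stream_get_contents($out));
unlink($tmp);
```

When serving a real download, pass fopen('php://output', 'wb') as $out after the response headers have been sent.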