[OWASP_PHPSEC] Couple of Questions on Code

rahul chaudhary rahul300chaudhary400 at gmail.com
Fri Jun 28 13:15:31 UTC 2013


I have pushed the code with read until seek_end.

I am not sure what you mean by checking if I am allowed to extend
max_execution_time. Can you please give me the code to do that...or explain
in a little more detail what it means.

By putting sleep, I have noticed that while testing that function, it took
1-2 seconds to produce the results, that may be a bottleneck where our code
takes time to give results, because the sleep is under a while loop, the
sleep would be executed with each loop.


On Fri, Jun 28, 2013 at 5:34 AM, Abbas Naderi <abiusx at owasp.org> wrote:

> Hi Rahul,
> As soon as the client closes the connection, the server script terminates,
> though it would be better to do it until seek_end.
>
> You should not check for max_execution_time, but check if you are
> allowed to extend it.
>
> sleep allows an application to get blocked in the OS pool and not use
> resources. It also spends one second so that our application feeds a certain
> size of data each second.
> -Abbas
>
> On Tir 7, 1392, at 8:20 AM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
> In your implementation of Feed, you specified seek_start and seek_end.
>
> However, when you are returning the file, you are starting to read from
> seek_start but are not specifying the end. So the whole data would be read
> from seek_start, which is wrong, isn't it??
>
> Because you must only read data till seek_end and no further.
>
>
> On Thu, Jun 27, 2013 at 11:06 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
>> ok....I understand now...but why sleep ??
>>
>> and how to check if a variable such as "max_execution_time" inside
>> php.ini is set or not??
>>
>>
>> On Thu, Jun 27, 2013 at 1:52 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>>
>>> Hi Azeddine,
>>> Good to have you back on board.
>>> Rahul, what Azeddine said is true. set_time_limit(0) means unlimited
>>> time, though it needs to be allowed by php.ini, so it's better to check it
>>> somewhere and throw an exception if it is not supported.
>>>
>>> BandwidthLimits are means of limiting the speed visitors can download
>>> files at. For example if you're providing videos or music archives, you
>>> don't want them to be leeched and you don't want your server to be
>>> overwhelmed, so you put a limit of 512kbps per person per file. That means
>>> that a minimum of 2000 users can download files from your server if you're
>>> serving on a 1gbps connection.
>>>
>>> Since we don't want this limit to be enforced upon javascript and css
>>> files that actually form our web pages (yet are counted as static
>>> downloadable contents) we set a minimum size for enabling the limitation.
>>> For example, for all files that are bigger than 1MB we set this limit and
>>> others are unlimited in bandwidth, so that our website doesn't look slow or
>>> problematic to the end user.
>>>
>>> Thanks
>>> -Abbas
>>> On Tir 6, 1392, at 9:35 PM, Azeddine Islam Mennouchi <
>>> azeddine.mennouchi at owasp.org> wrote:
>>>
>>> I do not have any knowledge about jframework,
>>> but for the 2nd question, it is totally the contrary: it will make an
>>> error go away.
>>> If any action you are doing can take more than the max_execution_time,
>>> you need to put set_time_limit(0) or you will get "Maximum execution time
>>> exceeded".
>>> I think that $BandwidthLimitInitialSize is a bandwidth limitation (the
>>> amount of data that you read at one time).
>>> The rest I can't tell.
>>>
>>> Regards Islam,
>>>
>>>
>>> On Thu, Jun 27, 2013 at 5:30 PM, rahul chaudhary <
>>> rahul300chaudhary400 at gmail.com> wrote:
>>>
>>>> This is the code inside Feed in download.php inside jFramework. Comments
>>>> are my questions:
>>>>
>>>> //Q1-> What does $BandwidthLimitInitialSize represent ???
>>>> if (self::$BandwidthLimitInitialSize>0 && $FileSize > self::$BandwidthLimitInitialSize)
>>>>         {
>>>>             $f = fopen($File, "rb");
>>>>             fseek($f, $seek_start);
>>>>             set_time_limit(0);   // Q2->   Why is time set to 0. Wouldn't it trigger an error ???
>>>>             while (! feof($f))
>>>>             {
>>>>                 echo fread($f, self::$BandwidthLimitSpeed);
>>>>                 flush();
>>>>                 ob_flush(); //Q3->  You haven't done ob_start() here but still you are using ob_flush() ???
>>>>                 sleep(1);  //Q4->   Why sleep ???
>>>>             }
>>>>             fclose($f);
>>>>             return true;
>>>>         }
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Rahul Chaudhary
>>>> Ph - 412-519-9634
>>>>
>>>> _______________________________________________
>>>> OWASP_PHP_Security_Project mailing list
>>>> OWASP_PHP_Security_Project at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>>
>>>>
>>>
>>>
>>> --
>>> Islam Azeddine Mennouchi
>>> Consultant at NovaSup
>>> http://www.novasup.com/
>>> OWASP ALGERIA Chapter Leader
>>> phone n°: +213796314102
>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
>>
>
>
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>
>
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
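
The points raised in this thread, put together as an added example (not part of the original messages and not jFramework's code): confirm that the time limit can actually be lifted before streaming, read only from seek_start through seek_end, and sleep one second between chunks. The function names, parameters, and the inclusive treatment of the end offset are assumptions.

```php
<?php
// Added example, not jFramework code; function and parameter names are hypothetical.

/** Lift the execution time limit, or throw if the host does not allow it. */
function extendTimeLimitOrFail(): void
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    if (!function_exists('set_time_limit') || in_array('set_time_limit', $disabled, true)) {
        throw new RuntimeException('set_time_limit() is disabled on this host');
    }
    // set_time_limit() returns false when the limit could not be changed.
    if (!@set_time_limit(0)) {
        throw new RuntimeException('not allowed to extend max_execution_time');
    }
}

/** Send bytes $seekStart..$seekEnd (inclusive, assumed) at $bytesPerSecond. */
function feedRange(string $file, int $seekStart, int $seekEnd, int $bytesPerSecond): int
{
    if ($bytesPerSecond < 1 || $seekStart < 0 || $seekEnd < $seekStart) {
        throw new InvalidArgumentException('invalid range or speed');
    }
    extendTimeLimitOrFail();
    $f = fopen($file, 'rb');
    if ($f === false) {
        throw new RuntimeException('cannot open file');
    }
    $sent = 0;
    $remaining = $seekEnd - $seekStart + 1;
    fseek($f, $seekStart);
    while ($remaining > 0 && !feof($f) && !connection_aborted()) {
        $chunk = fread($f, min($bytesPerSecond, $remaining));
        if ($chunk === false || $chunk === '') {
            break;
        }
        echo $chunk;
        if (ob_get_level() > 0) {
            ob_flush();   // Q3: only valid while an output buffer is active
        }
        flush();
        $sent += strlen($chunk);
        $remaining -= strlen($chunk);
        if ($remaining > 0) {
            sleep(1);     // one chunk per second; no wait after the final chunk
        }
    }
    fclose($f);
    return $sent;
}
```

Because the sleep is skipped once the range is exhausted, a range that fits in a single chunk returns without the one-second delay.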