  1. #26
    r937
    oh, excuuuuuuuuuse me

    that link goes to an article which discusses the pros and cons of storing images in the database

    better?

    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  2. #27
    A database is a bad way to store images. It reduces the search time. Just store the URL in a DB.

  3. #28
    I think it is a bad, bad, bad idea to store images in the database; the best way is to use the file system and store the URL of the image in the database, or maybe sometimes just the name of the image will work.
    I follow the file system approach and never get any problem with that, even if I am dealing with a big amount of data.



    Noddy

  4. #29
    bokehman
    One thing no one has mentioned so far is that you may not have access to the file system. Unless PHP is running under SuExec it is only going to have read permission and so will not be able to write to the file system. Of course you could just allocate 0777 permission to the uploads directory but that is a major hole.

  5. #30
    adam.jimenez
    Originally posted by bokehman:
    > One thing no one has mentioned so far is that you may not have access to the file system. Unless PHP is running under SuExec it is only going to have read permission and so will not be able to write to the file system. Of course you could just allocate 0777 permission to the uploads directory but that is a major hole.

    what's so bad about 777? bearing in mind that your host should be using open_basedir restrictions or at least safe_mode.

  6. #31
    You can upload a PHP script with an image's header data, getImageSize will return OK, and the user just got access to your server.

  7. #32
    adam.jimenez
    Originally posted by Vali:
    > You can upload a PHP script with an image's header data, getImageSize will return OK, and the user just got access to your server.

    unless you don't allow upload of .php files..

  8. #33
    bokehman
    Originally posted by adam.jimenez:
    > what's so bad about 777? bearing in mind that your host should be using open_basedir restrictions or at least safe_mode.

    open_basedir and safe mode are merely PHP restrictions. They don't stop the webserver (or any other piece of software) writing to your directory.

  9. #34
    adam.jimenez
    Originally posted by bokehman:
    > open_basedir and safe mode are merely PHP restrictions. They don't stop the webserver (or any other piece of software) writing to your directory.

    Like what software? CGI has its own restrictions too, right?

    This must mean 755 is bad because anyone can read your source files!

    BTW sitepoint is so sloooooow. hope some of the gurus on here can help them out!

  10. #35
    bokehman
    Originally posted by adam.jimenez:
    > This must mean 755 is bad because anyone can read your source files!

    Just out of interest, are you using a shared server? If so, try a phpinfo and see to what you are restricted. Is it a local restriction or global?

    By the way your approach relies on the person configuring the server to make sure that every loophole is closed. On the other hand having a directory "read only" stops everything without the need to worry that something far out of most people's reach (server config) might not be perfect.

  11. #36
    adam.jimenez
    Originally posted by bokehman:
    > Just out of interest are you using a shared server? If so try a phpinfo and see to what you are restricted. Is it a local restriction or global.
    >
    > By the way your approach relies on the person configuring the server to make sure that every loophole is closed. On the other hand having a directory "read only" stops everything without the need to worry that something far out of most people's reach (server config) might not be perfect.

    I rely on Plesk's default security settings, which include safe_mode and open_basedir restrictions.

  12. #37
    Originally posted by adam.jimenez:
    > unless you don't allow upload of .php files..

    doesn't have to have a '.php' extension to run something on your server.
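
A defensive upload handler for the concern raised in posts #31 and #37, added here as an example and not code from any poster: instead of trusting `getImageSize` or the file extension, it ignores the client's filename and declared type, re-encodes the image with GD and stores it under a server-chosen name. It assumes PHP 8 with the fileinfo and GD extensions; `UPLOAD_DIR`, `MAX_BYTES`, `ALLOWED` and `store_uploaded_image()` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Assumed layout: UPLOAD_DIR sits outside the document root and is writable
// only by the PHP user (0750), not 0777.
const UPLOAD_DIR = '/var/app-data/uploads';
const MAX_BYTES  = 5 * 1024 * 1024;
// Extension is chosen by the server from the detected type, never by the client.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_uploaded_image(array $file): string
{
    $tmp = (string) ($file['tmp_name'] ?? '');
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Detect the type from the bytes; $file['type'] and $file['name'] are
    // client-supplied and are ignored entirely.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = ALLOWED[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('not an accepted image type');
    }

    // Decode and re-encode with GD: input that is not a decodable image is
    // rejected, and metadata or trailing bytes are not copied to the new file.
    $img = @imagecreatefromstring((string) file_get_contents($tmp));
    if ($img === false) {
        throw new RuntimeException('image does not decode');
    }
    imagesavealpha($img, true); // keep PNG transparency

    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    $ok = match ($ext) {
        'jpg' => imagejpeg($img, $dest, 90),
        'png' => imagepng($img, $dest),
        'gif' => imagegif($img, $dest),
    };
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    chmod($dest, 0640); // no "other" access, no execute bit
    return $name;       // this generated name is what goes in the database
}
```

Re-encoding is one layer only: the stored files should be served from a location where the web server never hands content to an interpreter. An animated GIF keeps only its first frame after passing through GD.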

  13. #38
    BIG NOOOOOOOOOOO

    especially when it comes to large-scale web clusters

    if you have high-volume traffic in a load-balanced web farm, storing large binary files in MySQL will bring a lot of problems with replication and slow things down like crazy

  14. #39
    adam.jimenez
    Originally posted by Vali:
    > doesn't have to have a '.php' extension to run something on your server.

    how so? assuming you are limited to uploading .jpg/ .gif/ .png

  15. #40
    wwb_99
    ^^^^Not really, you should think through database load balancing as well as front-end load balancing. See my post above for one way to handle that, but there are others.

  16. #41
    Originally posted by wwb_99:
    > you can always cache requested images on disk and actually serve the files from there, giving one the best of both worlds.

    Too many steps and IO, I would rather store only the file path and some statistics of the file in the DB

    Even if someone decides to store files in the DB, when it comes to large files it is going to bring a lot of issues, especially when the end user uses some kind of file download manager to download the files, which generates dozens of download requests simultaneously.

  17. #42
    bokehman
    Originally posted by adam.jimenez:
    > I rely on Plesk's default security settings, which include safe_mode and open_basedir restrictions.

    Yes, but do you know what those settings are? Is the open_basedir restriction local or global?

    And yes about the 0755 comment. I've known many servers that have been configured like that and it's possible to access other parties' directories even with global open_basedir restrictions in place, giving access to MySQL passwords etc.

  18. #43
    So far no one has asked the question, what about the well tuned Linux file cache and buffering impact. Another point to consider is consistency in backups. Are you really going to do a massive dump daily so that it can get a decent backup, that's a lot of data to push in and out. As for the comment about having 500K images in one directory, that is a bad idea in any light, you should be organizing them in the first place, on a file system or in a database for that matter.

    All in all, it is a lot of extra hoops and cpu-cycles to jump through to load an image.
    Jonathan Kinney
    Data Systems Specialist
    Advantagecom Networks, Inc.
    http://www.simplywebhosting.com

  19. #44
    Oh, and a quick note on the 777 idea, it is ok in some aspects, but use it sparingly, because as soon as one of your scripts is exploited, that's where the backdoors and other evil things can pop up, and other things can be overwritten.
    Jonathan Kinney
    Data Systems Specialist
    Advantagecom Networks, Inc.
    http://www.simplywebhosting.com

  20. #45
    wwb_99
    Originally posted by lphy:
    > Too many steps and IO, I would rather store only the file path and some statistics of the file in the DB

    Some people call it extra steps, some people call it solid application design and abstraction.

    > Even if someone decides to store files in the DB, when it comes to large files it is going to bring a lot of issues, especially when the end user uses some kind of file download manager to download the files, which generates dozens of download requests simultaneously.

    How so? If you are serving from disk, then you will have standard download manager issues, no? Especially if you write the caching logic in the right order so nothing actually hits the DB but always punches through.

  21. #46
    bokehman
    Originally posted by logic_earth:
    > Remember to embed an image in an HTML page, you must make a separated call. In this regard the Database loses its advantage of a single I/O operation.

    Very true!

    Serving the image file from the DB would look like this:
    Webserver -> PHP servlet -> Database -> I/O -> File System
    while non-DB would look like this:
    Webserver -> I/O -> File System

  22. #47
    Originally posted by wwb_99:
    > Some people call it extra steps, some people call it solid application design and abstraction.
    >
    > How so? If you are serving from disk, then you will have standard download manager issues, no? Especially if you write the caching logic in the right order so nothing actually hits the DB but always punches through.

    OK, let's talk about software architecture for a large-scale web farm with a couple of load balancers, separately for DBs and file servers.

    Let's say you have a 100 MB file in the DB; you have the same file in many places in the DB cluster

    Also you keep a cache file on a file server (another 100 MB), which will have replication across all the load-balanced servers

    As you said, you have to support client requests via the cache file, otherwise there are too many issues with timing out and multiple requests, depending on file size, client internet speed and how long it takes to download

    Now let's say you have to update the same file: now you have to update the DB record (which triggers the replication process to update the DB cluster), then you have to update the cache file (and propagate it on the HDD RAID arrays and web farm)

    Actually you are keeping a large chunk of data in two different places (DB and flat cache file), where all the extra IO is taking place, which you could have avoided by having the DB record hold only the cache file path (and a few statistics about the file) without having to store the binary data in the DB

  23. #48
    adam.jimenez
    Originally posted by bokehman:
    > Yes, but do you know what those settings are? Is the open_basedir restriction local or global?
    >
    > And yes about the 0755 comment. I've known many servers that have been configured like that and it's possible to access other parties' directories even with global open_basedir restrictions in place, giving access to MySQL passwords etc.

    restriction is local. all sites are locked into their own folder.

  24. #49
    bokehman
    Originally posted by adam.jimenez:
    > all sites are locked into their own folder.

    Whatever you say this is merely a PHP restriction. The webserver itself has access to every 004 file on the machine.

  25. #50
    adam.jimenez
    Originally posted by bokehman:
    > Whatever you say this is merely a PHP restriction. The webserver itself has access to every 004 file on the machine.

    which is a problem how? unless of course the webserver has known vulnerabilities.

