ini - Allowing large file uploads in PHP (security) -



ini - Allowing large file uploads in PHP (security) -

are there security and/or performance implications consider when allowing big file uploads in php? example, these php ini settings have set.

memory_limit = 950m upload_max_filesize = 950m post_max_size = 950m max_execution_time = 0

what, if anything, go wrong these settings?

the security considerations not alter changing these settings. performance next valid:

the fine art of serving users in performing way offer plenty ressources requested sum of users. translating examples upon settings like:

10 users uploading 950 mb require serve 9.5 gb of bandwidth , i/o throughput (which eg. ipacted disk speed) in performing manner. user live uploading 950 mb in 1 minute, dissatisfied taking me hour.

100 users uploading 950 mb require serve 95 gb...

1000 users uploading 950 mb reuire serve 950 gb... ...

of cause not of users go max @ time , concurrent uploads might limited. these max-settings add together risk stack. depending on usage characteristics , ressource stuffing these settings valid.

however assume gave extreme examples , want larn implications.

when google "optimize php memory_limit" this: http://programmers.stackexchange.com/questions/207935/benefits-of-setting-php-memory-limit-to-lower-value-for-specific-php-script

obviously can same other settings.

in forums can find lot of swear against setting config-values such high. having in environments, ressource utilization managed on other access layers (eg. restrict number of upload-users via in-app permissions) did work out me in past well.

php ini

Comments

Post a Comment

Popular posts from this blog

php - Android app custom user registration and login with cookie using facebook sdk -

php - Android app custom user registration and login with cookie using facebook sdk - i developing android application in users need register , log in using facebook. approximately, flow. open app first time, authenticate facebook, data, send info server create them business relationship in application, start session new business relationship in server, cookie perform later interactions. so far good. what need know wich info have send server, can able identify users when log in seccond time. because need start session in server , send cookie android app farther interactions. i'm using php server side language. i thinking getting getaccesstoken() in android facebook sdk, pass server on business relationship creation , storing in android app. but can't manage how login users on sec time utilize app. any suggestions ? in advance ! to uniquely identify user within app, should create request /me , user's id. guaranteed unique , remain con
Read more

django - Access session in user model .save() -

django - Access session in user model .save() - is possible access current session in user model .save()? pseudo code of want achieve: # users.models.py def save(self, *args, **kwargs): created = true if self.pk: created = false super(abstractuser, self).save(*args, **kwargs) # post-save if created: look_for_invite_in_session_and_register_if_found(self, session) seems wrong in architecture. shouldn't access request in models layer. work request must done in view. can this: user, created = abstractuser.objects.get_or_create(name=name) if created: look_for_invite_in_session_and_register_if_found(user, request.session) django session
Read more

php - .htaccess Multiple Rewrite Rules / Prioritizing -

php - .htaccess Multiple Rewrite Rules / Prioritizing - here current htaccess file: rewriteengine on rewritecond %{http_host} !^www\.website\.com [nc] rewritecond %{http_host} ([^.]+)\.website\.com [nc] rewriterule ^(.*)$ http://www.website.com/gotourl.php?urlid=?%1 [l] rewriterule ^(\w+)$ ./gotourl.php?urlid=$1 [nc,l] rewriterule ^(\w+)/$ ./gotourl.php?urlid=$1 [nc,l] the website in question url shortener i'm working on testing/developing , personal use. above code may not ideal i'm not familiar .htaccess , made via googling , testing. want url shortening aspect: http://website.com/1234 -> http://website.com/gotourl.php?urlid=1234 http://website.com/1234/ -> http://website.com/gotourl.php?urlid=1234 the problem cannot figure out how ignore directories. want specific directories go specific pages: http://website.com/img (or) http://website.com/img/ -> http://website.com/img.php http://website.com/img/1234 (or) http://website.com/
Read more