|
|
Posted by Marcus Bointon on 09/09/05 13:23
On 9 Sep 2005, at 04:12, Eric Ryan Harrison wrote:
> What kind of multi-server environment are you in that would require
> you to add the overhead of this extra peice of software to share
> something as trivial as configs and caching?
I'd turn that around - why incur the overhead of something as big and
complex as an SQL server to do something so simple? Using SQL for
everything is certainly convenient, but that could just be 'when all
you have is a hammer' syndrome.
> By multi-server, do you mean, multiple sites on one server,
> multiple servers over a spread geographical area, or multiple
> servers on the same network? There are a lot of solutions
> to sharing data in all of these environments, and while the
> sharedance idea seems like a neat little toy, I am quite
> hesitant about calling it the "solution" to Smarty's config/cache
> sharing problem.
Well, I actually asked if anyone had tried it - it seems like a nice
lightweight solution and it comes with a ready to roll PHP session
handler.
I'd like to see some benchmarks on it. The only other distributed
session handler I know of as an off-the shelf solution is the ADOdb
one, but that's adding yet more overhead rather than reducing it.
> Maybe if you define the problem that actually exists first, I'll
> be more likely to consider your options. And how does it have
> less overhead than SQL? And what exactly makes it faster?
Well, for a start it doesn't use SQL. SQL is total overkill for
simple functions like this. MySQL is not the only show in town either
- I've used other SQL databases that are 5-100x faster than MySQL
(even for an exact match on a primary key) that are not suited to
more general web applications, so it can make sense to use both
together for the most efficient solution.
> Have you used it in a live environment?
No, that's why I was asking. It looks like a neat idea, but of course
it's not much good if it doesn't perform.
> What make's the pureftpd server solid? I have never heard
> of it and don't know if I would go as far as saying that it
> is a solid daemon. I did a quick googlesearch and found 639
> pages listed using the search terms "pureftpd vuln". The first
> few pages were valid hits on actual DoS vuln's in the pureftpd
> code. I don't know if that is something I'd consider solid.
There has been ONE reported vuln that was fixed within a few days.
This compares very, very well with other FTP servers - try searching
for 'wu-ftpd vuln' or 'pro-ftpd vuln' (the two most common ftp
servers that ship in linux distros) and you'll see what I mean (if
you think that google counts are a good measure - nvd.nist.gov might
be more meaningful). A large proportion of the links you found are
about vulns elsewhere that happen to contain his email address - the
author is a prolific finder and fixer of some nasty vulns/bugs in
other software (including PHP, Linux kernel, qmail, mod_ssl and
apache), which bodes well.
Pure-ftpd is also very easy to set up, particularly if you want
virtual users and pluggable authentication.
> Just some thoughts. Please don't take this as a flame or
> me trying to say, "YOU ARE WRONG." I'm curious as to see
> actual improvements to existing architectures (Smarty, PHP, caching,
> etc), but I'm hesitant to just accept "This could be the solution..."
> to a problem I wasn't even aware of. Elaborate more please.
I would never presume to say 'This could be THE solution', but I'm
quite happy to suggest something that could be A solution.
Marcus
--
Marcus Bointon
Synchromedia Limited: Putting you in the picture
marcus@synchromedia.co.uk | http://www.synchromedia.co.uk
Navigation:
[Reply to this message]
|