|  | Posted by Marcus Bointon on 09/09/05 13:23 
On 9 Sep 2005, at 04:12, Eric Ryan Harrison wrote:
 > What kind of multi-server environment are you in that would require
 > you to add the overhead of this extra peice of software to share
 > something as trivial as configs and caching?
 
 I'd turn that around - why incur the overhead of something as big and
 complex as an SQL server to do something so simple? Using SQL for
 everything is certainly convenient, but that could just be 'when all
 you have is a hammer' syndrome.
 
 > By multi-server, do you mean, multiple sites on one server,
 > multiple servers over a spread geographical area, or multiple
 > servers on the same network?  There are a lot of solutions
 > to sharing data in all of these environments, and while the
 > sharedance idea seems like a neat little toy, I am quite
 > hesitant about calling it the "solution" to Smarty's config/cache
 > sharing problem.
 
 Well, I actually asked if anyone had tried it - it seems like a nice
 lightweight solution and it comes with a ready to roll PHP session
 handler.
 I'd like to see some benchmarks on it. The only other distributed
 session handler I know of as an off-the shelf solution is the ADOdb
 one, but that's adding yet more overhead rather than reducing it.
 
 > Maybe if you define the problem that actually exists first, I'll
 > be more likely to consider your options.  And how does it have
 > less overhead than SQL?  And what exactly makes it faster?
 
 Well, for a start it doesn't use SQL. SQL is total overkill for
 simple functions like this. MySQL is not the only show in town either
 - I've used other SQL databases that are 5-100x faster than MySQL
 (even for an exact match on a primary key) that are not suited to
 more general web applications, so it can make sense to use both
 together for the most efficient solution.
 
 > Have you used it in a live environment?
 
 No, that's why I was asking. It looks like a neat idea, but of course
 it's not much good if it doesn't perform.
 
 > What make's the pureftpd server solid?  I have never heard
 > of it and don't know if I would go as far as saying that it
 > is a solid daemon.  I did a quick googlesearch and found 639
 > pages listed using the search terms "pureftpd vuln".  The first
 > few pages were valid hits on actual DoS vuln's in the pureftpd
 > code.  I don't know if that is something I'd consider solid.
 
 There has been ONE reported vuln that was fixed within a few days.
 This compares very, very well with other FTP servers - try searching
 for 'wu-ftpd vuln' or 'pro-ftpd vuln' (the two most common ftp
 servers that ship in linux distros) and you'll see what I mean (if
 you think that google counts are a good measure - nvd.nist.gov might
 be more meaningful). A large proportion of the links you found are
 about vulns elsewhere that happen to contain his email address - the
 author is a prolific finder and fixer of some nasty vulns/bugs in
 other software (including PHP, Linux kernel, qmail, mod_ssl and
 apache), which bodes well.
 
 Pure-ftpd is also very easy to set up, particularly if you want
 virtual users and pluggable authentication.
 
 > Just some thoughts.  Please don't take this as a flame or
 > me trying to say, "YOU ARE WRONG."  I'm curious as to see
 > actual improvements to existing architectures (Smarty, PHP, caching,
 > etc), but I'm hesitant to just accept "This could be the solution..."
 > to a problem I wasn't even aware of.  Elaborate more please.
 
 I would never presume to say 'This could be THE solution', but I'm
 quite happy to suggest something that could be A solution.
 
 Marcus
 --
 Marcus Bointon
 Synchromedia Limited: Putting you in the picture
 marcus@synchromedia.co.uk | http://www.synchromedia.co.uk
  Navigation: [Reply to this message] |