Reply to Re: [PHP] Limiting Cpu usage

Posted by Richard Lynch on 04/12/05 01:06

On Mon, April 11, 2005 3:05 am, zini10 said:
> OK, that will do some of the trick, but still, a user can just write a
> script which:
>
> for($i=0;$i<99999999;$i++)
> {
> $x=$x+1;
> }
>
> or something and refresh it the whole time and really slow down everybody
> else....

Yes.

Allowing untrusted users to write PHP scripts on your server is a big no-no.

PHP has some crude techniques (time_limit, memory_limit) to stop the silly
mistakes of scripters.

But if you have somebody who *WANTS* to harm your server, and they can
execute a PHP script on your server... Well, for starters,
denial-of-service attacks are only the baby child of the *BIG* problems
they can cause.

If you trust the users, but think they are inexperienced, you can:

1) Enable and shorten time_limit and memory_limit in php.ini

2) Set up a development server where they must test and QA their code,
along with a reasonable QA process for code to pass *before* it goes live.
The development server *MUST* be a box that you don't give a damn if it
gets sent crawling to its knees with a script like the above, or worse,
and you have to re-boot it. If it bothers you to re-boot it, it's not a
development server, or you don't have enough development servers. Note
that each user can install Apache/PHP/MySQL/Linux on their OWN el-cheapo
desktop you buy on eBay for $50, or find in a dumpster for FREE and then
they have a development "server" of their own that only hurts them when
they Nuke it. A three-stage QA process, then, where they test on their
own dev server, then promote it to a shared dev server for more extensive
QA, and then *IF* it passes, it goes "live".

I quit my last job in part because my "dev" server was a "live" box. Sheesh!


--
Like Music?
http://l-i-e.com/artists.htm
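
An added example, not part of the original post: a php.ini fragment for step 1 above. It assumes the stock directive names max_execution_time and memory_limit; the values are constructed for illustration, and the disable_functions line is an extra hardening assumption not mentioned in the message.

```ini
; php.ini (server-wide). Values below are constructed; tune them to the workload.

; Seconds of script execution before PHP aborts the request with a fatal error.
; A busy loop like the quoted one is stopped once it has run this long.
; On non-Windows systems the counter excludes time spent in sleep(), system(),
; database queries and stream operations, so it is not a wall-clock limit.
max_execution_time = 10

; Seconds PHP may spend parsing request input (GET, POST, file uploads).
max_input_time = 10

; Largest amount of memory a single script may allocate.
memory_limit = 32M

; Both limits above can otherwise be lifted by the script itself at run time,
; e.g. set_time_limit(0) or ini_set('memory_limit', '-1').
; Assumption: the hosted code has no legitimate need for these two functions.
; disable_functions is only honoured in php.ini, not in .htaccess or ini_set().
disable_functions = set_time_limit,ini_set
```

These limits apply to each request separately. They do not cap how many requests one user can have running at once, so repeated refreshing is bounded per run, not in total.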
