Re: Nested PHP [message #185317 is a reply to message #185315] Mon, 17 March 2014 23:01
The Natural Philosoph
On 17/03/14 22:10, Peter H. Coffin wrote:
> On Mon, 17 Mar 2014 15:33:13 +0000, The Natural Philosopher wrote:
>> What does a data base do well?
>> - breaks the directory hierarchy of data
>> - moves the data outside of the actual area directly accessible to the web
>> server
>> - provides a one point of backup
>> - adds a security of access to the data and code not easily done in
>> other ways.
>
> Oh dear... Let's start with that SQL was developed to run on a machine
> that had no directory hierarchy, had no web, didn't even really have
> a concept of "file" that was distinct from "table", and backing stuff
> up was a matter of "saving things", because you had no idea whether
> something was in memory or disk and didn't care. The security wasn't
> added on because the whole OS was pretty indistinguishable from the
> database. Everything you've mentioned is a side-effect of the database,
> not intrinsic to its use. You wanna run at this again? Nevermind,
> I'll just tell you. A database allows you to separate data from
> application in a way that allows you to change the data, including its
> interdependent relationships and qualities, without necessarily changing
> the application.
>
> The data comes first. Anytime you're starting with the application
> first, you're working not with a database, but rather with a "storage
> subsystem". Which is all fine and dandy, but it slaps you with richard
> problems forever, in varying severity, until you give up, start over
> with the data, and do it right.
>
Er, no. Try actually taking off those spectacles of extreme prejudice and
reading what I wrote.

The database was already there for data.

It now contains application in different tables because the tools
developed to manage, secure and protect the data can do exactly the
same job on the code.

Consider the problem

I have a page called /aby/xyz that I want accessible to one user and
totally invisible to another.

At best htaccess makes it tricky and says 'not allowed'; it won't ever say
'page doesn't exist'.

My users already live in a proper relational database. What is easier
than to write a slender shim that intercepts all access to the web
server, analyses them and decides who they are and what they can then
access? Using tables of privilege, priority and area to give a
multidimensional matrix of access. And the ability to return 'access
denied' or 'page not found' under my control if they try and access
something I don't want them to?

All of that is classic proper database use. In the end I might have had a
table of php files cross correlated to the URIs I wanted them to appear
under. I might, but at the point I said 'sod it, why not stick the
code in the database as well, so it's JUST a database call not a database
call then INCLUDE the file. And the file might get deleted leaving
you with a database entry pointing to nothing. Stick it IN the database.

Code is after all data that has a special meaning, that's all.

I COULD have avoided eval by simply unloading the code onto disk,
executing it as a php include, then deleting it.

How crap is that?

I COULD have kept an audit trail on the code by giving every programmer
an actual linux login and letting them crawl around the host system, I
chose to rather write a tool that lets them upload code, only, and
tracks who uploaded when and where they uploaded it and why... a little
more security and a lot more logging than Linux does by itself.


You have been taught Rules. 'never use eval'

Rules are for the guidance of wise men, and the obedience of fools. What
you think is that I am a richard, someone whose knowledge is minimal
compared to your own.

It never enters your head I might in fact be thirty years ahead of you.
And know EXACTLY what I am doing and have a very good reason based on
sound experience and several weeks of considering the options, does it?



--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to
lead are elected by the least capable of producing, and where the
members of society least likely to sustain themselves or succeed, are
rewarded with goods and services paid for by the confiscated wealth of a
diminishing number of producers.
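
The access shim described in the post above, sketched as an added example (not the poster's code): one lookup against hypothetical `pages` and `grants` tables decides between 200, 'access denied' (403) and 'page not found' (404), so a hidden page answers an unprivileged user exactly as a missing one would. The schema, names and sample rows are constructed, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added example: hypothetical schema and function names; sample rows are constructed.
function build_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // pages: which area a URI belongs to, the privilege it needs, and whether
    // its existence must be concealed from users who may not see it.
    $db->exec("CREATE TABLE pages (uri TEXT PRIMARY KEY, area TEXT,
                                   min_privilege INTEGER, hidden INTEGER)");
    // grants: one privilege level per (user, area) pair.
    $db->exec("CREATE TABLE grants (username TEXT, area TEXT, privilege INTEGER,
                                    PRIMARY KEY (username, area))");
    $db->exec("INSERT INTO pages VALUES ('/aby/xyz', 'accounts', 2, 1),
                                        ('/reports', 'reports', 1, 0)");
    $db->exec("INSERT INTO grants VALUES ('alice', 'accounts', 3),
                                         ('bob', 'reports', 0)");
    return $db;
}

// Returns the HTTP status the shim should send for this user and URI.
function decide(PDO $db, string $user, string $uri): int {
    $q = $db->prepare(
        "SELECT p.min_privilege, p.hidden, g.privilege
           FROM pages p
           LEFT JOIN grants g ON g.area = p.area AND g.username = :user
          WHERE p.uri = :uri");
    $q->execute([':user' => $user, ':uri' => $uri]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 404;                 // no such page for anyone
    }
    if ($row['privilege'] !== null
        && (int)$row['privilege'] >= (int)$row['min_privilege']) {
        return 200;                 // user holds enough privilege in this area
    }
    // Denied: a hidden page must answer exactly like a missing one.
    return ((int)$row['hidden'] === 1) ? 404 : 403;
}

$db = build_db();
$requests = [['alice', '/aby/xyz'], ['bob', '/aby/xyz'],
             ['bob', '/reports'], ['bob', '/nope']];
foreach ($requests as [$user, $uri]) {
    printf("%-5s %-9s -> %d\n", $user, $uri, decide($db, $user, $uri));
}
```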