Re: [PHP] Using Table prefixes
On Jun 8, 2013, at 4:17 PM, Julian Wanke wrote: > A database for each client? Isn't that over-powered? If you have 1000 > clients, you would loose the overview over your databases... What -- people have more than one client?!? My thoughts: A client is like a girlfriend -- if you have too many, things can get real ugly, real fast. If you have over 10 clients (let alone 1000), then you're probably overworked and not doing your best for each. My advise -- raise your rates until you narrow those clients down to a manageable size. Both you and your clients will be happier. At least, that's been my experience -- YMMV. Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using Table prefixes
Tell this the facebook, google or nsa data team ^^ Am 10.06.2013, 16:15 Uhr, schrieb Tedd Sperling : On Jun 8, 2013, at 4:17 PM, Julian Wanke wrote: A database for each client? Isn't that over-powered? If you have 1000 clients, you would loose the overview over your databases... What -- people have more than one client?!? My thoughts: A client is like a girlfriend -- if you have too many, things can get real ugly, real fast. If you have over 10 clients (let alone 1000), then you're probably overworked and not doing your best for each. My advise -- raise your rates until you narrow those clients down to a manageable size. Both you and your clients will be happier. At least, that's been my experience -- YMMV. Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using Table prefixes
Hi: I am sure they do not turn over a 1000 clients to a single person. Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com On Jun 10, 2013, at 2:11 PM, Julian Wanke wrote: > Tell this the facebook, google or nsa data team ^^ > > Am 10.06.2013, 16:15 Uhr, schrieb Tedd Sperling : > >> On Jun 8, 2013, at 4:17 PM, Julian Wanke wrote: >> >>> A database for each client? Isn't that over-powered? If you have 1000 >>> clients, you would loose the overview over your databases... >> >> What -- people have more than one client?!? >> >> My thoughts: >> >> A client is like a girlfriend -- if you have too many, things can get real >> ugly, real fast. >> >> If you have over 10 clients (let alone 1000), then you're probably >> overworked and not doing your best for each. >> >> My advise -- raise your rates until you narrow those clients down to a >> manageable size. Both you and your clients will be happier. >> >> At least, that's been my experience -- YMMV. >> >> Cheers, >> >> tedd >> >> _ >> tedd.sperl...@gmail.com >> http://sperling.com >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using Table prefixes
There servers are so good configured, that they don't need much maintainance. Facebook has 1,11 Billion Accounts. If we divide this through 1000 members per data team member they need 1 Million data team mebers, each of them has a salary which I would say is about 2000$. That means they have to pay 2 Billion US$ (!) per month to the data team which is very unrealistic. I know such great companies are a bad example but my opinion is that a system should be as scalable as possible. Am 10.06.2013, 20:16 Uhr, schrieb Tedd Sperling : Hi: I am sure they do not turn over a 1000 clients to a single person. Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com On Jun 10, 2013, at 2:11 PM, Julian Wanke wrote: Tell this the facebook, google or nsa data team ^^ Am 10.06.2013, 16:15 Uhr, schrieb Tedd Sperling : On Jun 8, 2013, at 4:17 PM, Julian Wanke wrote: A database for each client? Isn't that over-powered? If you have 1000 clients, you would loose the overview over your databases... What -- people have more than one client?!? My thoughts: A client is like a girlfriend -- if you have too many, things can get real ugly, real fast. If you have over 10 clients (let alone 1000), then you're probably overworked and not doing your best for each. My advise -- raise your rates until you narrow those clients down to a manageable size. Both you and your clients will be happier. At least, that's been my experience -- YMMV. Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] basic authentication usage
Trying to learn how this works for a simple security need I have.
Nothing serious, hence this experiment.
My code:
if (!isset($_SERVER['PHP_AUTH_USER']))
{
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'You have chosen not to signin';
echo "Click here to go back to the menu";
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
unset($_ENV['PHP_AUTH_USER']);
unset($_ENV['PHP_AUTH_PW']);
exit;
}
else
{
echo "checking creds";
if ($_SERVER['PHP_AUTH_USER'] <> "validuser")
{
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
unset($_ENV['PHP_AUTH_USER']);
unset($_ENV['PHP_AUTH_PW']);
echo 'You have entered invalid information.';
echo "Click here to go back to the menu";
exit();
}
}
(if we get here we have signed on)
(continue on with script)
***
My problem is trying to remove the invalid credentials (unsets) so that
when the user attempts to access the page again, the signin dialog gets
displayed. On my second attempt I always get the "invalid" path and
never get a chance to re-enter the credentials.
What am I missing (besides it's a lousy security solution)?
Can one NOT unset a SERVER variable? How does one get around that in
this case if so?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] basic authentication usage
I think that the problem here is, that the unset of the
$_SERVER["PHP_AUTH_USER"] variable is not affecting the client's browser.
If you've got a directory protection, the browser needs a restart to show
the login dialog before.
I may be wrong because I'm using forms normally but the Authentification
cannot be reset so easily...
Am 10.06.2013, 22:28 Uhr, schrieb Jim Giner :
Trying to learn how this works for a simple security need I have.
Nothing serious, hence this experiment.
My code:
if (!isset($_SERVER['PHP_AUTH_USER']))
{
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'You have chosen not to signin';
echo "Click here to go back to the menu";
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
unset($_ENV['PHP_AUTH_USER']);
unset($_ENV['PHP_AUTH_PW']);
exit;
}
else
{
echo "checking creds";
if ($_SERVER['PHP_AUTH_USER'] <> "validuser")
{
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
unset($_ENV['PHP_AUTH_USER']);
unset($_ENV['PHP_AUTH_PW']);
echo 'You have entered invalid information.';
echo "Click here to go back to the menu";
exit();
}
}
(if we get here we have signed on)
(continue on with script)
***
My problem is trying to remove the invalid credentials (unsets) so that
when the user attempts to access the page again, the signin dialog gets
displayed. On my second attempt I always get the "invalid" path and
never get a chance to re-enter the credentials.
What am I missing (besides it's a lousy security solution)?
Can one NOT unset a SERVER variable? How does one get around that in
this case if so?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] basic authentication usage
On 6/10/2013 4:33 PM, Julian Wanke wrote: I think that the problem here is, that the unset of the $_SERVER["PHP_AUTH_USER"] variable is not affecting the client's browser. If you've got a directory protection, the browser needs a restart to show the login dialog before. I may be wrong because I'm using forms normally but the Authentification cannot be reset so easily... No - I think you misunderstood. I am NOT using directory protection, hence my attempt at using this method. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] basic authentication usage
I just mentioned that as an example. For this authentification the server sends a Authorization header. The client's browser requests the credentials from the user and save them in the RAM. Now the client's browser sends the credentials to the server. And what's important: The browser sends the credentials in each further request from now. So the browser stores the username and password for the session in the RAM and they can't be changed or deleted from the server's side. In fact the authorization works similar to cookies with the difference, that cookies can be set server-side and the HTTP authorization can't. That's the reason why you can't unset the invalid credentials, if entered one time the browser will send them in each request, it doesn't matter what the server does. I hope you understood what I mean... Am 10.06.2013, 23:14 Uhr, schrieb Jim Giner : On 6/10/2013 4:33 PM, Julian Wanke wrote: I think that the problem here is, that the unset of the $_SERVER["PHP_AUTH_USER"] variable is not affecting the client's browser. If you've got a directory protection, the browser needs a restart to show the login dialog before. I may be wrong because I'm using forms normally but the Authentification cannot be reset so easily... No - I think you misunderstood. I am NOT using directory protection, hence my attempt at using this method. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using Table prefixes
Julian Wanke wrote: > Facebook has 1,11 Billion Accounts. If we divide this through 1000 > members per data team member they need 1 Million data team mebers, > each of them has a salary which I would say is about 2000$. > That means they have to pay 2 Billion US$ (!) per month to the data > team which is very unrealistic. I think, again, that people have *very* different concepts of what the term 'client' means. I would never call Facebook's billion accounts clients - they are users. And, seriously, I think taking a concept to absurd lengths is just that, absurd. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
