List:General Discussion« Previous MessageNext Message »
From:David T. Ashley Date:August 23 2007 4:53pm
Subject:Re: Database architecture and security
View as plain text  
On 8/23/07, Jason Pruim <japruim@stripped> wrote:
>
>
> > b)Terminating TCP connections and ensuring that each PHP script
> > runs to
> > completion, anyway, and that the database isn't left in an
> > indeterminate
> > state due to this.
> >
> > Dave.
>
> What do you mean by "b"? If all the connections come from the local
> box how could I configure that to make sure it's all set up so it
> won't leave the database all messed up?


I don't know all of the technical details, but if a user uses the STOP
button on a browser or the TCP connection is otherwise terminated, there is
a feedback mechanism where the PHP script producing the HTML can be
terminated (it has no further utility, as it would be feeding a non-existent
connection at that point).

A worst case is where the PHP script is aborted in a critical section
(depending on how transactions are handled in the database) so that the
database is left in an inconsistent state.  Whether this is possible depends
on how you choose to do locking and transactions.

The safest approaches I'm aware of are:

#1)Form the database results and close the database connection before
generating output.

#2)Use the PHP function intended for that purpose.

Here is the URL for the PHP function:

http://us.php.net/manual/en/function.ignore-user-abort.php

http://us.php.net/manual/en/features.connection-handling.php

Best regards, Dave

Thread
Database architecture and securityJason Pruim23 Aug
  • Re: Database architecture and securityRolando Edwards23 Aug
    • Re: Database architecture and securityJason Pruim23 Aug
  • Re: Database architecture and securityGary Josack23 Aug
    • Re: Database architecture and securityJason Pruim23 Aug
  • Re: Database architecture and securityDavid T. Ashley23 Aug
    • Re: Database architecture and securityJason Pruim23 Aug
      • Re: Database architecture and securityDavid T. Ashley23 Aug
  • RE: Database architecture and securityJerry Schwartz23 Aug
    • RE: Database architecture and securityWm Mussatto23 Aug