Обсуждение: Storing Large Objects
Hi All...... I'm writing a php web application which sells mp3 music for production use (a rather limited audience, as opposed to a general mp3 download site). Since I've heard large objects were a bother I've written it so the mp3s were in files with long obfuscated filenames and have put them in a directory hidden behind basic authentication, planning a php front end to the basic authentication and storing the file urls in the database. Now I'm considering shortlived symbolic filenames to further make it difficult to rip off the mp3 files by other users with valid log in credentials that can get past the basic authentication. Basically it's turning into one big unwieldy kluge. I'm reading about large object php functions and am considering storing the mp3s themselves as large objects in postgreSQL, rather than just the filenames, and it's starting to look better and better! It would be very easy to make it so that only the valid user could pull the mp3 large object out of postgreSQL. Is storing large objects as easy as the php functions make it look? What about the pg_dump difficulties with large objects? I'm using Debian Stable which has postgreSQL 7.2.1 and PHP 4.1.2 which so far has been working fine with my small text databases, but I suspect if I want to consider large objects I should really upgrade, eh? TIA.... brew ========================================================================== Strange Brew (brew@theMode.com) Check out my Stock Option Covered Call website http://www.callpix.com and my Musician's Online Database Exchange http://www.TheMode.com ==========================================================================
brew@theMode.com writes: > I'm using Debian Stable which has postgreSQL 7.2.1 and PHP 4.1.2 which so > far has been working fine with my small text databases, but I suspect if I > want to consider large objects I should really upgrade, eh? [ jaw drops... ] Debian Stable is shipping 7.2.**1**? You might want to get yourself a more responsibly managed distro. I won't necessarily argue with someone's decision to stick on the 7.2 major release, but not to adopt 7.2.* bug fixes is mere insanity. 7.2.1 was released more than three years ago and has multiple known data-loss and security issues. regards, tom lane
On Mon, 18 Apr 2005, Tom Lane wrote: > [ jaw drops... ] Debian Stable is shipping 7.2.**1**? > > You might want to get yourself a more responsibly managed distro. > I won't necessarily argue with someone's decision to stick on the > 7.2 major release, but not to adopt 7.2.* bug fixes is mere insanity. > 7.2.1 was released more than three years ago and has multiple known > data-loss and security issues. It's been recommended to me that I switch to testing, which is running 7.4.7 i think. And I've done that on my development laptop. Maybe I should switch to that on my production server, too, since it's working OK on my laptop. It's a more recent version of php, too. It's have been argued that Debian testing is at least as stable as everybody elses stable and Debian stable is *really* stable. Although with 7.2.1 maybe not so secure..... brew ========================================================================== Strange Brew (brew@theMode.com) Check out my Stock Option Covered Call website http://www.callpix.com and my Musician's Online Database Exchange http://www.TheMode.com ==========================================================================
On Monday 18 April 2005 00:18, Tom Lane wrote: > [ jaw drops... ] Debian Stable is shipping 7.2.**1**? > > You might want to get yourself a more responsibly managed > distro. I won't necessarily argue with someone's decision to > stick on the 7.2 major release, but not to adopt 7.2.* bug > fixes is mere insanity. 7.2.1 was released more than three > years ago and has multiple known data-loss and security issues. It's probably not quite so bad as you think. But it probably as "stable" (sort of like the Canadian Shield bedrock is stable). They backport patches to older software. The actual number is 7.2.1-2woody8 The changelog (http://packages.debian.org/changelogs/pool/main/p/postgresql/postgresql_7.2.1-2woody8/changelog) has entries on: Thu, 10 Feb 2005 15:20:03 +0100 Tue, 1 Feb 2005 12:55:44 +0100 Tue, 26 Oct 2004 15:54:22 +0200 Thu, 13 May 2004 11:00:07 +0200 3 Nov 2003 10:14:08 +0100 8 Sep 2002 19:33:32 +0200 5 Sep 2002 09:49:10 -0400 Sun, 31 Mar 2002 21:25:41 +0100 Fri, 29 Mar 2002 02:17:31 +0000 Sat, 23 Mar 2002 09:43:05 +0000 and I believe 40 more entries going back to Fri, 26 Jan 2001 20:27:30 +0000 For stable, one can always look to www.backports.org to get newer software versions, instead of using the sometimes "ancient" stuff in "stable". Backports has 7.4.7-1 as the version it is distributing. The changelog file isn't seen in the directory with the various debs, but the date on the package is: 11-Feb-2005 08:10 I don't run stable myself, but for other people I have had them doing updates against backports.org for some software. Gord (just another Debian user)
On Mon, 18 Apr 2005, Gordon Haverland wrote: > For stable, one can always look to www.backports.org to get newer > software versions, instead of using the sometimes "ancient" stuff in > "stable". Backports has 7.4.7-1 as the version it is distributing. Hey, that's pretty neat. I love apt-get (lazy?), getting a newer version of postgreSQL that is compiled against the stable libs looks pretty good. I'll try it out on one of my test servers - I think it might be safer eventually to do that on my production server rather than run Debian testing. I'm rather nervous about that because apt-get testing once left my laptop without php for a few days, that would be a disaster for a production website! Thanks Gordon. brew ========================================================================== Strange Brew (brew@theMode.com) Check out my Stock Option Covered Call website http://www.callpix.com and my Musician's Online Database Exchange http://www.TheMode.com ==========================================================================
On Mon, Apr 18, 2005 at 02:09:10 -0400, brew@theMode.com wrote: > > Since I've heard large objects were a bother I've written it so the mp3s > were in files with long obfuscated filenames and have put them in a > directory hidden behind basic authentication, planning a php front end to > the basic authentication and storing the file urls in the database. Now > I'm considering shortlived symbolic filenames to further make it difficult > to rip off the mp3 files by other users with valid log in credentials that > can get past the basic authentication. Why not put the files somewhere where only the application can get at them instead of under the document root. That way they have to compromise your application to get at them. No amount of url guessing will give direct access.
Bruno.... > Why not put the files somewhere where only the application can get at > them instead of under the document root. That way they have to > compromise your application to get at them. No amount of url guessing > will give direct access. Great idea. That's what I will do, no need to complicate my life (and server) by storing the files as large objects in the database. It looks like php's readfile function will do the job nicely. Thanks Bruno! brew ========================================================================== Strange Brew (brew@theMode.com) Check out my Stock Option Covered Call website http://www.callpix.com and my Musician's Online Database Exchange http://www.TheMode.com ==========================================================================