[Commons-l] Different upload systems
Daniel Kinzler
daniel at brightbyte.de
Mon Sep 14 06:58:28 UTC 2009
Platonides schrieb:
>> Tell me if I'm wrong, but as far as I know, the file size is limited by PHP, nto
>> by MediaWiki. And it has to be: if we would admit huge files to be uploaded
>> before they are finally rejected by MediaWiki, this would already be an attack
>> vector - because, afaik, PHP got the dumb idea of buffering uploads in RAM. So,
>> to kill the server, just upload a 5GB file.
>
> Really? It makes sense for text POSTs but it's not very smart for files...
I didn't check for myself, but that'S what I was told when we discussed this
matter with Brion and Mark at FOSDEM.
And yes, it's utterly stupid. But that doesn't mean PHP won't do it.
> I was thinking on a FTP server where you log in with your wiki
> credentials and get to a private temporary folder. You can view pending
> files, delete, rename, append and create new ones (you can't read them
> though, to avoid being used as a sharing service).
> You are given a quota so you could upload a few large files or many
> small ones. Files get deleted after X time untouched.
> When you go to the page name it would have on the wiki there's a message
> reminding you of a pending upload an inviting you to finish it, where
> you get the normal upload fields. After transferring, the file gets
> public and you are returned the file size quota.
> Having a specific protocol for uploads also allow to store them directly
> on the storage nodes, instead of writing them via nfs from the apaches.
Yes, that sounds pretty nice.
-- daniel
More information about the Commons-l
mailing list