Brian Moon's Blog: in_array is quite slow
by Chris Cornutt June 06, 2008 @ 09:36:47
Brian Moon had a problem - one of his cron jobs was running for much longer (hours!) than it should have. He tweaked, tested and debugged the script and finally narrowed it down to a call to in_array, something he describes as being "quite slow".
See, this job is importing data from a huge XML file into MySQL. After it is done, we want to compare the data we just added/updated to the data in the table so we can deactivate any data we did not update. [...] We then compared the two arrays by looping one array and using in_array() to check if the value was in the second array. [...] So, that was running for hours with about 400k items. Our data did not contain the value as the key, but it could as the value was unique.
His method, replacing the in_array call (which had to do a full array scan on each pass through the loop) with an isset/unset combo on the unique key, cut the execution time from about 4 hours to 0.8 seconds.
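The comparison described above, written out both ways as an added example (this is not code from Brian Moon's post). The function names `staleByScan` and `staleByKey` are hypothetical, and the id lists are constructed sample data kept small enough that the slow version finishes quickly.

```php
<?php
// Constructed sample data: unique item ids already in the table, and the
// ids touched by the latest import (every third id).
$n = 20000;
$existing = range(1, $n);
$imported = range(1, $n, 3);

// Slow: in_array() scans $imported linearly for every existing id, so the
// total work grows with count($existing) * count($imported).
function staleByScan(array $existing, array $imported): array
{
    $stale = [];
    foreach ($existing as $id) {
        if (!in_array($id, $imported, true)) {
            $stale[] = $id;
        }
    }
    return $stale;
}

// Fast: the ids are unique, so they can serve as array keys. isset() and
// unset() are hash lookups, so the work grows with the sum of the two sizes.
function staleByKey(array $existing, array $imported): array
{
    $remaining = array_flip($existing);      // id => position
    foreach ($imported as $id) {
        if (isset($remaining[$id])) {
            unset($remaining[$id]);          // seen in the import, not stale
        }
    }
    return array_keys($remaining);           // ids the import never touched
}

$t = microtime(true);
$a = staleByScan($existing, $imported);
$scanTime = microtime(true) - $t;

$t = microtime(true);
$b = staleByKey($existing, $imported);
$keyTime = microtime(true) - $t;

printf("in_array: %.3fs, isset/unset: %.5fs, same result: %s\n",
    $scanTime, $keyTime, $a === $b ? 'yes' : 'no');
```

Raising `$n` shows the gap widening, since the scan version's cost grows with the product of the two array sizes.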
inarray compare array unset isset unique key execution time
Nessa's Blog: Common PHP Errors
by Chris Cornutt December 10, 2007 @ 12:05:00
Nessa has set up a post in an effort to help budding PHP developers out there with some of the most common problems they might come across in their work and how to handle them a bit more gracefully with error handling:
I'm going back to the basics here, you know, when you wrote your first PHP script and saw an ugly-ass error message pop up on your screen? Error messages are the best tool a programmer has.
She first covers how to set up error reporting so that the messages you get are useful. From there she describes some of the common errors you might see, including:
- Parse errors
- MySQL result resource errors
- Stream errors
- Max Execution Time errors
Check out the rest of the post for more types.
error handling parse mysql resource stream execution time
Hardened-PHP.net: Zend Platform Multiple Remote Vulnerabilities
by Chris Cornutt August 24, 2006 @ 07:58:24
According to this new advisory on the Hardened-PHP project's site, there are some issues with the Zend Platform product that could cause a number of security problems because of malformed session IDs.
During the development of suhosin, which is our new PHP protection module, several compatibility tests with binary 3rd party PHP extensions like the Zend Platform and the Zend Optimizer have been made. When testing the session protection features of suhosin, we discovered that the session clustering system, which is shipping with the Zend Platform is vulnerable to several different attacks.
They mention a few things a potential attacker could use this issue for, including crashing the session daemon, remote code execution, and being able to view and write files of their choice (like session files) to execute malicious code.
The details are listed out, but a "proof of concept" isn't published for this exploit. Thankfully, Zend has already provided a patch for the issue which can be downloaded at Zend's website (an upgrade to version 2.2.1a).
vulnerabilities zend platform remote session execution crash
Net-Security.org: SUSE Security Announcement - php4,php5 problems
by Chris Cornutt June 16, 2006 @ 06:14:29
In a new SUSE security announcement today, issues have been found with PHP4 and PHP5 bundled with several versions of their Linux operating system.
The four issues found are as follows:
- Invalid characters in session names were not blocked.
- CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables.
- CVE-2006-1991, CVE-2006-1990: Bugs in the substr_compare() and wordwrap function could crash the php interpreter.
- CVE-2006-2906: A CPU consumption denial of service attack in php-gd was fixed.
These issues affect the following versions of SUSE: 10.1, 10.0, 9.3, 9.2, 9.1, Enterprise Server 8, SLES 9, and UnitedLinux 1.0. They can all be used to execute any arbitrary code the user chooses to inject. The severity level is higher on this one, but not at a critical level. It's still recommended, however, that you upgrade as soon as possible. Links to the various upgrade packages can be found here.
suse security issue remote code execution php4 php5