Thread: Proposal for HTTP::HTTP_FloodControl




Proposal for HTTP::HTTP_FloodControl
2007-03-05 03:13:16
Vagharshak Tozalakyan (http://pear.php.net/user/vagharsh) proposes
HTTP::HTTP_FloodControl.

You can find more detailed information here:
 http://pear.php.net/pepr/pepr-proposal-show.php?id=476


-- 
Sent by PEPr, the automatic proposal system at http://pear.php.net

-- 
PEAR Development Mailing List (http://pear.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Comment on HTTP::HTTP_FloodControl
2007-03-05 03:52:29
Bertrand Mansion (http://pear.php.net/user/mansion) has commented on
the proposal for HTTP::HTTP_FloodControl.

Comment:

I think you should make it a PHP5 package and use class constants
instead of defines and exceptions instead of pear errors. Or make your
defines more standard, using a longer prefix to avoid collisions.

I am also afraid $_SERVER['REMOTE_ADDR'] is not reliable, especially if
users are behind a router/proxy (they will share the same IP and they
might be quickly locked out on big traffic or big corporate sites where
users all connect at the same hour in the morning...).

As stated in this security report, it is also possible to spoof the IP
address given by $_SERVER['HTTP_X_FORWARDED_FOR'], so beware:
http://osvdb.org/displayvuln.php?osvdb_id=23882

There is also this comment, but I doubt it is more useful:
http://fr2.php.net/manual/en/reserved.variables.php#70640

This one might need more investigation:
http://fr3.php.net/manual/en/function.getenv.php#41833


It would be interesting to know what the various books on PHP security
propose for such a problem.

Proposal information:
http://pear.php.net/pepr/pepr-proposal-show.php?id=476




Comment on HTTP::HTTP_FloodControl
2007-03-05 09:31:44
Vagharshak Tozalakyan (http://pear.php.net/user/vagharsh) has commented
on the proposal for HTTP::HTTP_FloodControl.

Comment:

>> I think you should make it a PHP5 package and use class constants
>> instead of defines and exceptions instead of pear errors. Or make
>> your defines more standard, using a longer prefix to avoid
>> collisions.

Sure, among other things it will allow the use of different
object-oriented features (e.g. abstract classes for storage drivers).
The only reason I have written PHP4-compatible code is that many shared
hosting servers do not support PHP5 yet. I'm a novice to PEAR
development and would like to know what version of PHP is preferred for
new packages?

Also, I would like to know whether there are any recommendations on how
to construct name prefixes of defined constants?

>> I am also afraid $_SERVER['REMOTE_ADDR'] is not reliable, especially
>> if users are behind a router/proxy (they will share the same IP and
>> they might be quickly locked out on big traffic or big corporate
>> sites where users all connect at the same hour in the morning...).

I agree with you on that issue, that's why I decided to allow the users
to define a control criterion they will prefer as the second parameter
of the check() method. It may be a real IP address detected by one of
the methods, an address of a subnet, a session identifier, a fingerprint
calculated in a custom way, etc. What do you think, is it necessary to
impose an IP detection method on the user?

Proposal information:
http://pear.php.net/pepr/pepr-proposal-show.php?id=476


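
One way to derive the criterion passed as the second parameter of check(), covering the REMOTE_ADDR, X-Forwarded-For and subnet points raised in the two comments above. This is an added example, not code from the proposal or from PEAR; the function names, the trusted-proxy list and the sample addresses are assumptions, and it is written for current PHP rather than the PHP 4/5 of this thread.

```php
<?php
// Added example; not HTTP_FloodControl code. All names here are hypothetical.

/**
 * Pick the address to rate-limit on. X-Forwarded-For is honoured only when
 * the TCP peer (REMOTE_ADDR) is one of our own reverse proxies; from any
 * other peer the header is client-supplied and is ignored.
 */
function client_address(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('REMOTE_ADDR missing or invalid');
    }
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer;
    }
    // Walk right to left: entries on the right were appended by our
    // proxies, anything further left came from the client.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: fall back to the proxy address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

/** Reduce a validated address to its network (/24 for IPv4, /64 for IPv6 by default). */
function subnet_of(string $ip, int $v4Bits = 24, int $v6Bits = 64): string
{
    $packed = inet_pton($ip);
    $bits = strlen($packed) === 4 ? $v4Bits : $v6Bits;
    $out = '';
    for ($i = 0; $i < strlen($packed); $i++) {
        $keep = max(0, min(8, $bits - 8 * $i)); // bits of this byte inside the prefix
        $out .= chr(ord($packed[$i]) & ((0xFF << (8 - $keep)) & 0xFF));
    }
    return inet_ntop($out) . '/' . $bits;
}

// Constructed requests using documentation address ranges.
$proxies = ['192.0.2.10'];
$direct  = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.99'];
$proxied = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '10.9.9.9, 198.51.100.23'];
foreach ([$direct, $proxied] as $request) {
    echo subnet_of(client_address($request, $proxies)), "\n";
}
```

The proxy list is compared as exact strings, so it must hold addresses in the same textual form the web server reports in REMOTE_ADDR.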


Changes in proposal for HTTP::HTTP_FloodControl
2007-03-06 06:02:30
Vagharshak Tozalakyan (http://pear.php.net/user/vagharsh) has edited
the proposal for HTTP::HTTP_FloodControl.

Change comment:

Now it is a PHP5 package...

Please review the proposal:
http://pear.php.net/pepr/pepr-proposal-show.php?id=476




Call for votes on HTTP::HTTP_FloodControl
2007-03-12 12:10:54
Vagharshak Tozalakyan (http://pear.php.net/user/vagharsh) has initiated
the call for votes on HTTP::HTTP_FloodControl.

Please review the proposal and give your vote here:
http://pear.php.net/pepr/pepr-proposal-show.php?id=476




+1 for HTTP::HTTP_FloodControl
2007-03-12 12:23:36
Christian Weiske (http://pear.php.net/user/cweiske) has voted +1 on the
proposal for HTTP::HTTP_FloodControl.

Proposal information:
http://pear.php.net/pepr/pepr-proposal-show.php?id=476

Vote information:
http://pear.php.net/pepr/pepr-vote-show.php?id=476&handle=cweiske

This vote is conditional. The condition is:

Nice package.
Next time, please provide .phps files for your sources.

- Make your private variables public unless you want to explicitly
  forbid using them in derived classes.
- Always add a space between catch and the opening brace.
- The constructor docblock has a typo in HTTP_FloodControl_Container.
- set() in the file container has a typo in the exception text.
- When throwing an exception based on a PEAR_Error, also pass the error
  code as second parameter to the exception constructor.



+1 for HTTP::HTTP_FloodControl
2007-03-12 14:01:35
Giuseppe Dessi (http://pear.php.net/user/thesee) has voted +1 on the
proposal for HTTP::HTTP_FloodControl.

Proposal information:
http://pear.php.net/pepr/pepr-proposal-show.php?id=476

Vote information:
http://pear.php.net/pepr/pepr-vote-show.php?id=476&handle=thesee



+1 for HTTP::HTTP_FloodControl
2007-03-12 22:01:11
Igor Feghali (http://pear.php.net/user/ifeghali) has voted +1 on the
proposal for HTTP::HTTP_FloodControl.

Proposal information:
http://pear.php.net/pepr/pepr-proposal-show.php?id=476

Vote information:
http://pear.php.net/pepr/pepr-vote-show.php?id=476&handle=ifeghali



+1 for HTTP::HTTP_FloodControl
2007-03-12 22:36:23
Greg Beaver (http://pear.php.net/user/cellog) has voted +1 on the
proposal for HTTP::HTTP_FloodControl.

Proposal information:
http://pear.php.net/pepr/pepr-proposal-show.php?id=476

Vote information:
http://pear.php.net/pepr/pepr-vote-show.php?id=476&handle=cellog

This vote is conditional. The condition is:

Interesting package.

you need to extend PEAR_Exception so that users can catch
exceptions specific to your package

try {
    $blah->check('whatever'); //...
} catch (HTTP_FloodControl_Exception $e) {
}

just add in

class HTTP_FloodControl_Exception extends PEAR_Exception {}

and that will be fine.

also a minor note:

in the File container, you have a minor typo
"temprorary" instead of "temporary"


