
Andy Bakun's Blog:
Race Conditions with Ajax and PHP Sessions
November 14, 2006 @ 09:49:00

Race conditions can be one of the hardest things to work the kinks out of in an application, especially when you're adding new functionality to a more complex one. One such instance comes up when you add Ajax functionality into the mix. Because of its asynchronous nature, it can cause a race condition very easily. Andy Bakun has been there and done that in his code and has found some helpful hints he's sharing in this (info-packed) post over on his blog.

One of the problems with race conditions is that it is often difficult to actually witness the ramifications of one when it happens, especially if you are not aware of it. If you've used PHP's built-in, default session handling (that uses files), you'll never come across the problem. However, things get interesting once you start using session_set_save_handler to write your own session handler.

He breaks it down into some more manageable chunks:

  • A Multi-processing but non-Threaded Environment
  • The Default PHP Session Handler
  • Observing the Race Condition
  • The Demo App Interface
  • Resource Contention
  • Minimizing Lock Holding Time
  • Why is per-variable locking important?
  • Rolling Your Own Session Handler
  • The Code

See? You didn't believe me when I said it was long...there's tons of great info in there about working with sessions in PHP and how to get Ajax to play nice when manipulating the data inside them. There's plenty of test code and some sidebars with additional information to keep you reading for a while. Be sure to check this one out, even if you're just working with PHP sessions and Ajax and don't have a race condition issue in your app - never hurts to be prepared.



Hardened-PHP Project:
Advisory - PHP open_basedir Race Condition Vulnerability
October 04, 2006 @ 09:10:00

The Hardened-PHP Project has released another vulnerability advisory today; this time it's an issue with one of PHP's own internal features, open_basedir.

The design of the open_basedir feature of PHP that is meant to disallow access to files outside a set of configured directories is vulnerable to race conditions.

It was discovered that this design flaw can be exploited with the usage of PHP's symlink() function in a very easy way. We believe that the only solution to this problem is disabling the function symlink() while open_basedir is used (this feature was therefore added to our Suhosin PHP Security Extension).

They also note, unfortunately, that the problem may not be fixable due to how it can be implemented. They provide a more detailed explanation and some PHP pseudo-code to help illustrate the point.





All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework