[TriLUG] Odd website behaviour

Igor Partola igor at igorpartola.com
Tue Apr 9 15:14:30 EDT 2013


Brian,

Several things before the main issue. First, if you can serve these images
out of /tmp, does that mean that your server's entire /tmp is accessible to
the whole world? If I can guess a filename, can I grab random temporary
files that are readable by the www-data user? That's probably not good.
Instead, I'd create something like /tmp/my-web-images and point apache at
that instead.

Second, storing images in a database is funky, but I assume there is some
reason to do this.

What I would suspect is that while the image is being retrieved and
echo'ed, PHP prints some kind of a warning. Try doing everything by
actually echo'ing the image data, and view the page as text (fetch it into
a file) and see if there is any extraneous data in there. Your PHP and
apache executables might not have changed, but some underlying library
might have.

Igor


On Tue, Apr 9, 2013 at 3:08 PM, Brian McCullough <bdmc at buadh-brath.com>wrote:

> Folks,
>
> Once again I am digging into the extensive knowledge of this group.
>
>
> I have a database driven web site, Apache + PHP + Informix in AIX, that
> has been running, in this machine, for serveral years.  Of course, the
> code has varied over the years as improvements have been requested by
> the client.
>
> However, this particular feature has worked for a long time, perhaps as
> long as the site has been around.
>
> Just recently, it has stopped displaying images.
>
> The images are stored in the database, and there are two methods for
> displaying them.  Either they are retrieved from the database with an
> external program, stored in /tmp and displayed from that file, or they
> are streamed directly from the database field with an echo.
>
> The web page has an IMG tag that points at the PHP function that
> retrieves the data.
>
> As I say, this has worked for years, until quite recently.
>
>
> There is nothing in Apache's error_log except a warning that headers
> can't be sent twice, but that hasn't stopped anything before.
>
> Apache and PHP have not changed during this period, while it worked or
> afterward.
>
> If I take the picture that is in /tmp, I can display it by addressing it
> directly, but the web site refuses to show it "normally."
>
>
> Any bright ideas?
>
>
>
> Thanks,
> Brian
>
> --
> This message was sent to: Igor Partola <igor at igorpartola.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  :
> http://www.trilug.org/mailman/options/trilug/igor%40igorpartola.com
> TriLUG FAQ          :
> http://www.trilug.org/wiki/Frequently_Asked_Questions
>



More information about the TriLUG mailing list