[Clipart] Site fixup work

Jonadab the Unsightly One jonadab at bright.net
Fri Nov 18 07:21:23 PST 2005


Bryce Harrington <bryce at bryceharrington.org> writes:

> No functional changes were implemented so whatever non-security
> issues existed are still there...  :-/
> 
> However, I've never noticed any unusual performance issues.

I was referring to the performance issues noted in the following
message from back in July, about which AFAIK nothing has yet been
done:

From: Jon Phillips <jon at rejon.org>
Message-Id: <1120809401.19843.62.camel at localhost>
Subject: [Clipart] Recent fd.o disk IO is our issue
To: OCAL list <clipart at lists.freedesktop.org>
Date: Fri, 08 Jul 2005 00:56:41 -0700

Well, Bryce and I noticed massive disk IO issues with the
freedesktop.org server that OCAL is on. We both discussed this with
Daniels and he recently just posted this on the chat channel:

(00:48:24) daniels: um, guys
(00:48:35) daniels: so, there's good news and bad news
(00:48:47) daniels: good news: i found out what's causing the io load on
gabe
(00:48:49) daniels: bad news: it's you
(00:48:55) daniels: /cgi-bin/navigate is incredibly disk-heavy
(00:49:26) daniels: also, navigate and the screenshot script are
insecure in terms of allowing external paths
(00:49:32) daniels: i.e. not normalising ../../../, etc
(00:49:35) daniels: bbl

Thus, we should discuss these issues, as DMS is also very disk-centric
as well. Also, as our clipart library increases in size these issues are
going to be coming up more and more.

We should think about how to speed up the navigate engine and fix the
security problem in the navigate and screenshot scripts. Thoughts?

Jon
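
The path problem daniels reports in the quoted chat (a CGI script that accepts a path without normalising `../../../`), shown as a containment check a script can run before touching the filesystem. This is an added example, not code from the OCAL navigate or screenshot scripts; the `resolve_under` helper, the directory names and the sample requests are constructed for illustration.

```python
import os
import tempfile


def resolve_under(base_dir, requested):
    """Return the canonical path of `requested` if it stays inside base_dir, else None."""
    if "\x00" in requested:  # NUL is never valid in a path; reject it outright
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and follows symlinks; an absolute
    # `requested` replaces base in join() and then fails the check below.
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole components, so a sibling such as
    # "clipart-private" is not mistaken for something under "clipart".
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def demo():
    """Build a throwaway tree (constructed sample data) and classify requests."""
    root = tempfile.mkdtemp()
    lib = os.path.join(root, "clipart")  # hypothetical library root
    os.makedirs(os.path.join(lib, "animals"))
    os.makedirs(os.path.join(root, "clipart-private"))
    for path in (os.path.join(lib, "animals", "cat.svg"),
                 os.path.join(root, "secret.txt"),
                 os.path.join(root, "clipart-private", "draft.svg")):
        open(path, "w").close()
    os.symlink(root, os.path.join(lib, "up"))  # symlink pointing out of the library
    requests = [
        "animals/cat.svg",               # normal request
        "animals/../animals/cat.svg",    # ../ that stays inside the library
        "../secret.txt",                 # one level up
        "../../../etc/passwd",           # the pattern named in the chat
        "/etc/passwd",                   # absolute path
        "../clipart-private/draft.svg",  # sibling sharing the name prefix
        "up/secret.txt",                 # escape through a symlink
        "animals/cat.svg\x00.png",       # embedded NUL byte
    ]
    return {r: resolve_under(lib, r) is not None for r in requests}


if __name__ == "__main__":
    for request, allowed in demo().items():
        print("serve " if allowed else "reject", repr(request))
```

The check runs on the parameter after any URL decoding, and the script opens the returned canonical path rather than the original string.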
