[#6411] Replace vfs-direct with X-Sendfile support
Summary Replace vfs-direct with X-Sendfile support
Queue Ansel
Type Enhancement
State Resolved
Priority 1. Low
Owners mrubinsk (at) horde (dot) org
Requester mrubinsk (at) horde (dot) org
Created 2008-03-09 (4028 days ago)
Updated 2008-05-21 (3955 days ago)
Assigned 2008-03-15 (4022 days ago)
Resolved 2008-05-21 (3955 days ago)
Patch No

2008-05-21 20:53:46 Michael Rubinsky Comment #9
State ⇒ Resolved
Reply to this comment
2008-05-18 03:37:41 Chuck Hagenbuch Comment #8
Assigned to Michael Rubinsky
Taken from Chuck Hagenbuch
Reply to this comment
Done. You can use the new VFS::readFile() method to get a local file 
for use with x-sendfile. With the file backend it'll just return the 
local filename - a much cleaner solution for vfs-direct that should be 
just about as fast.
2008-03-15 20:42:39 Michael Rubinsky Comment #7
Assigned to Chuck Hagenbuch
State ⇒ Assigned
Reply to this comment
Chuck, assigning to you since you said you had VFS api changes to 
support this...

you can kick it back to me if I am mistaken :)
2008-03-10 14:34:36 Michael Rubinsky Comment #6 Reply to this comment
Yep, exactly.  What I'm suggesting is to keep it as an *option*, in 
addition to the X-Sendfile, for those sites that are OK with the 
photos being accessible without permissions checking.

If not, I don't feel strongly about it. It was just a thought.
2008-03-10 08:43:42 Jan Schneider Comment #5 Reply to this comment
Which is good because it allows us to check permissions. If we could 
shortcircuit permission checking even better, but at the moment 
permissions aren't checked at all. I don't know if we deem security by 
obscurity through hard to guess path/file names sufficient.
2008-03-09 22:06:36 Michael Rubinsky Comment #4 Reply to this comment
Would it still be worth keeping vfs-direct as an option though for 
those sites that are OK with allowing it?  For Ansel, at least, it 
would save having to load an Ansel_Image object from the database just 
to get the VFS path to send with X-Sendfile header...
2008-03-09 05:41:35 Chuck Hagenbuch Comment #3 Reply to this comment
It's also more flexible than vfs-direct, since we can use it anytime 
it's more efficient to get a local file out of the VFS - with the FTP 
backend, for example.

I have some ideas on API changes to VFS for this and then 
BC-compatible ways to use them in Ansel, Gollem, maybe IMP too.
2008-03-09 05:39:17 Michael Rubinsky Comment #2
State ⇒ Accepted
Reply to this comment
...although just a note that mod_xsendfile for Apache is 2.x only.
2008-03-09 05:37:57 Michael Rubinsky Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 1. Low
Summary ⇒ Replace vfs-direct with X-Sendfile support
Queue ⇒ Ansel
Reply to this comment
From Jan:

How about deprecating vfs-direct in Ansel for X-Sendfile support?


Works with both Apache and Lighttpd, fixes the permissions problem,

and the admins don't have to do much more configuration than with the

vfs-direct feature.

Saved Queries