[Phplogcon-dev] Database abstraction layer for phpLogCon

Wed Dec 7 18:40:38 CET 2005

text_CAPATCHA,  think i spelled it right, look at pear, this could be
(required/optional) for login along with passwords
Rev 2 issue?

Programming 101

More security = harder to use and no one likes it
Less security = easy to use, and not enough to keep bad guys out

we need to be in between, or let user set the amount of security they want.
For me, i would enable it.

Then we could log login attempts. and disable account after x attempts,
except for 1 account that would be admin account!!
Or limit number pre time interval (min/hour/day)

On 12/7/05, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
>
> hehe... another low priority todo list item - tarpiting attacks (after
> all, such a brute force may case the system to exhaust its
> ressources...)
>
> --Rainer
>
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com
> > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > Brian Shea
> > Sent: Wednesday, December 07, 2005 5:08 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: Re: [Phplogcon-dev] Database abstraction layer for phpLogCon
> >
> > Agree, we are not a high volume application.
> >
> > Side note:
> >  Maybe a good thing to slow it down in the case of brute
> > force password
> > cracking. (Users Table). (scripts can do this, not for us to
> > worry about,
> > yet).
> >
> >
> > On 12/7/05, Michael Meckelein <mmeckelein at hq.adiscon.com> wrote:
> > >
> > > > Well... I've gone through the references and my guess is that Pear
> > > will
> > > > probably be not that bad in our case (though ADOdb might
> > be something
> > > we
> > > > should look at).
> > >
> > > This ->
> > >
> > > > My reason is that I think we do relatively simply
> > > > queries. Anyhow, these simple queries can relate to a lot
> > of i/o at
> > > the
> > > > database itself, which probably turns out to be the botleneck.
> > >
> > > is exactly the point. phpLogCon does not bother the
> > database with a high
> > > amount of queries. The queries are typical simple as Rainer
> > mentioned.
> > > Just using some where clauses and only SystemEvents table
> > have to select
> > > if phplogcon works with data.
> > >
> > > Michael
> > >
> > > >Of
> > > > course, nothing of this is verified, but I have the
> > strong impression
> > > > that performance will not be that much of an issue (well, to be
> > > > precisely "performance of the abstraction layer" -
> > performance per se
> > > > *is* an issue, especially with the potentially huge
> > amounts of data we
> > > > have in syslog... ;)).
> > > >
> > > > So my educated (but unverified) opinion is that it would
> > probably be
> > > > worth looking at Pear. I Am still of the view that native
> > DB support
> > > via
> > > > our own layer is causing more trouble than it is worth.
> > > >
> > > > My 2cts...
> > > >
> > > > Rainer
> > > >
> > > > > -----Original Message-----
> > > > > From: phplogcon-dev-bounces at lists.adiscon.com
> > > > > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > > > > Michael Meckelein
> > > > > Sent: Wednesday, December 07, 2005 12:39 PM
> > > > > To: phplogcon-dev at lists.adiscon.com
> > > > > Subject: Re: [Phplogcon-dev] Database abstraction layer for
> > > phpLogCon
> > > > >
> > > > > > Of course, the question is what implications Pear has - e.g.
> > > > > > performance-wise.
> > > > >
> > > > > Of course, abstraction layer have naturally impact on
> > > > > performance. I did
> > > > > some research about pear::db performance. I was
> > surprised some say
> > > > > "PEAR::DB code will run at about 3/8 the speed of the equivalent
> > > > > DBMS-specific code" [1]. Also found some benchmark
> > indicating that
> > > is
> > > > > true [2][3].
> > > > >
> > > > > As I already wrote, I have used pear::db in small projects
> > > > > and it works
> > > > > great. The impact of the abstraction layer was hardly noticeable
> > > > > (subjective), but I have not made any performance testing.
> > > > >
> > > > > "Is PEAR DB worth using?" [4] found at comp.lang.php.
> > It's a good
> > > > > decision indicates that it worth to use a db
> > abstraction layer. I
> > > > > support this approach since I know about the trouble,
> > testing and
> > > time
> > > > > effort for developing your own db wrapper.
> > > > >
> > > > > Michael
> > > > >
> > > > > [1] Impaired performance of pear::db
> > > > > http://www.hudzilla.org/phpbook/read.php/9_6_4
> > > > > [2] simple benchmark (08/13/02) comparing some db
> > abstraction layer
> > > > > http://freshmeat.net/screenshots/30313/
> > > > > [3] Comparing ADODB with PEAR DB, MDB, dbx, Metabase and Native
> > > MySQL
> > > > > http://phplens.com/lens/adodb/
> > > > > [4] Is PEAR DB worth using?"
> > > > > http://groups.google.com/group/comp.lang.php/browse_frm/thread
> > > > > /1d1dca65e
> > > > >
> > 2c097af/f3d8197af6c9d4f8?lnk=st&q=pear+db+performance&rnum=2&hl=en
> > > > >
> > > > > _______________________________________________
> > > > > Phplogcon-dev mailing list
> > > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > > > >
> > > > _______________________________________________
> > > > Phplogcon-dev mailing list
> > > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > > _______________________________________________
> > > Phplogcon-dev mailing list
> > > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> > >
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>