[wp-hackers] Security Vulnerability found - Forum Post

David Chait davebytes at comcast.net
Fri Apr 15 21:25:21 GMT 2005

yes, generally any apache/php request is a temporal, one-shot process, completely stateless.  Frankly, the entire web works that way.  'State' is introduced using things like sessions and cookies, and in more advanced applications sessions migrate to data stores, java applets can store state in javabeans that can even migrate between servers, etc.

the only truly persisting web apps would be connected java/etc. which open up a communication socket (TCP or otherwise) with a server and it remains open for an extended duration.  all other persistance on the web is otherwise 'artificial', using some kind of caching mechanism (cookie, sessions, to disk, in memory, to db server, etc.).  There's power and flexibility from that, in that you can scale lightweight sites to heavily redundant server farms with ease (heavier sites, with lots of session data get a bit more complex, usually requiring persisting the session state into a separate db server cluster on the back end...).

fun fun fun. ;)

  ----- Original Message ----- 
  From: Amit Gupta 
  To: wp-hackers at lists.automattic.com 
  Sent: Friday, April 15, 2005 3:25 PM
  Subject: Re: [wp-hackers] Security Vulnerability found - Forum Post

  oh well!! I didn't know the variables & objects are destroyed after an HTTP Request is served!!

  Amit Gupta

  || Canned!! -- my Atropine || iG:Syntax Hiliter v2.01 ||
  || iGEEK.INFO || Free Nokia Ringtones || Online Gaming @ Games Planet || 

  ---------- Original Message from "David Chait" <davebytes at comcast.net> ----------
  the database is opened once, when the $wpdb object is instantiated.  unless plugins are manually accessing the db themselves (which
  they SHOULDN'T!), one connection is opened when a HTTP request comes in, and remains open only for the context of that request.  if by
  'page' you mean 'later included PHP file', that already occurs.  if by 'page' you meant 'next HTTP request', there's no persistance.


  wp-hackers mailing list
  wp-hackers at lists.automattic.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://comox.textdrive.com/pipermail/wp-hackers/attachments/20050415/e97d87c6/attachment.html

More information about the wp-hackers mailing list