This is not a corner case. The exact same thing could happen without

What is that thing? That the contents of a file changes after a request
is made and before the file is returned. In fact, there is no guarantee
that it won't change mid-return. This is a fact of life with files on
any filesystem. 

In fact, with the HTTP caching mechanisms, you could fail to get
up-to-date contents of a file, since the If-Modified-Since mechanism
will also fail. 

The problem here is that the application is using this static file
handling API to serve dynamic content. Wondering why it doesn't work is

Just to summarize again, this case requires that a file is created then
destroyed and another file created within the same second that has the
same size. Also, the original file must get into the cache, and the only
way that can happen is for the application to treat it as a long lived
static file. 

We have other means to cache dynamic data, and large chunks of dynamic
content saved as a file can avoid the fastpath cache by setting the
cachemaxsize parameter. Writing smaller content to disk doesn't make any
sense if your goal is speed...or security. 

It is probably even more important to tamp down these misconceptions
about how AOLserver works. Static and dynamic content are handled by
different API. The reason is that it has long been recognized by the
developers of AOLserver that different techniques are required to
maintain high performance based upon how the content is generated, its
expected lifespan, its size, and its potential for reuse.  

tom jackson

On Tue, 2008-08-19 at 03:00 -0400, Andrew Piskorski wrote:
> On Mon, Aug 18, 2008 at 06:06:23PM -0700, John Caruso wrote:
> > That'd be an improvement over the current situation, but it's still the 
> > case that AOLserver as currently shipped has a file cache mechanism built 
> > into it which 1) may return incorrect data and 2) is enabled by 
> > default.  Given the risk, I'd say fastpath caching should be disabled by 
> > default rather than enabled.
> Sounds right to me.  Either robustify Fastpath somehow against this
> corner case, or don't have Fastpath turned on by default.

AOLserver -

To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> 
with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: 
field of your email blank.

Reply via email to