Welcome Guest, Not a member yet? Register   Sign In
Performance issues with FTP uploads to remote server?
#1

[eluser]cyberjunkie[/eluser]
Fellow Codeigniter users, has anyone used the FTP class to upload files to a remote server?

I'm planning to upload all my images to a remote server on a different FTP account that will store all user uploads. I figure it will be more secure and easier to manage. Does uploading to a remote server effect site performance?
#2

[eluser]Aken[/eluser]
Yes, performance will be affected. You'll essentially be transferring a file twice - once from the user's computer to your server, and again from your server to the remote server. At least I'm pretty sure that's how it works - I have never used that library.

There are also other performance drawbacks to serving files on your website that are hosted elsewhere, depending on where they are hosted (big, fancy CDNs are much better than a shared hosting server - that sort of thing).

If your website doesn't see much traffic, and your files aren't too large, it probably wouldn't be too big a deal.
#3

[eluser]skunkbad[/eluser]
I've heard that it is more secure to serve your website's images from another domain. I don't think it has to be on another server, but if FTP is the only way to get it there, then I think it's a good thing. Take for example an image that has been altered to include PHP code. I've done this with a .gif image, and when served the PHP will run. If you allow somebody to upload images, they could add PHP inside it, and it would run when the image is served, which is bad. Have you ever done this? Yes, it is quite mischievous. Do you want people to be able to run PHP code on your server? Probably not.

I do a lot of file uploads that get instantly FTPd to another server. There is a performance issue, because you never really know the status of the other server, and the condition of the connection between the two servers is never really known. You need to plan to have a fallback, where the upload is temporarily stored on the first server should the FTP connection fail.
#4

[eluser]Aken[/eluser]
I think the only security benefit of serving static assets from another domain would be that you can control that domain to serve ONLY static assets, and not execute or parse anything else. You can do this on your own server, also, you just have to do it to a directory. At least that's what I've gathered after doing some researching for the last half hour or so.

I actually read about something that I had forgotten about, and not really addressed recently, and that's how a wannabe-hacker can inject PHP into an image file, and if that image file doesn't go through the necessary precautions, it can be parsed on your server, leading to some serious vulnerabilities. Actually pretty scary how easy it is. This is a good reason to serve images and other uploads from a specialized area, even if that means a folder with explicit permissions and settings.

Lots of people do use offsite storage for various assets and uploads, though (Amazon S3 for example). Sure, there is a little performance hit, but sometimes it's worth it. Really depends on your situation.
#5

[eluser]CroNiX[/eluser]
We run apache for the main site and serve the images from a subdomain on the same server, which runs on NGINX server whose sole purpose for us is to serve images. No html or php or anything else. Browsers are usually limited to, I forget the number, but its something like loading 4 or 5 files from a single domain simultaneously. So if you use one domain to do the main site and a separate domain (or subdomain) to serve images, you can get quite a speed increase in the time it takes a website to popup in a browser, because you can load that many more resources simultaneously.
#6

[eluser]Aken[/eluser]
If you do utilize resources from another domain, consider prefetching the DNS for more zippiness: http://html5boilerplate.com/docs/head-Ti...refetching
#7

[eluser]cyberjunkie[/eluser]
Thank you all for your guidance! I'll take your advice and try to store images in the same server but on a separate domain. I think a slower performance is better than someone uploading a bad php script and accessing it from the webserver.

@Aken thanks for the prefetching the DNS tip
#8

[eluser]skunkbad[/eluser]
Just because it is somewhat related, I thought I'd share something. Although not new, this week I stumbled upon phpseclib. The testing server that I've been working with doesn't have php's ssh2 functions, and I was looking for a way to use SSH/SFTP to upload a file to another server. phpseclib does it, and a whole lot more. I don't see a performance difference vs FTP, but it's another option, in case you need one.




Theme © iAndrew 2016 - Forum software by © MyBB