Re: reading http request raw data as stream

Erwin Moller wrote:
AviCoh@xxxxxxxxx wrote:

Hi,

Let me start with the question and then describe my case :
Is there a way to read the raw contents of an HTTP request in PHP as a
stream (i.e. not get it all at once from Apache) ?

In my case I am implementing an API for my server side app. One of the
actions in the API allows the posting of binary contents as
application/octet-stream. The size of this binary contents can get up
to several MBs.

I also employ a Basic HTTP authentication as part of the API, meaning,
that for every request I look for the authentication
headers(PHP_AUTH_USER and PHP_AUTH_PW). If the headers are missing (or
the credentials are not valid) I return "HTTP/1.0 401 Unauthorized" and
the client has to set the right headers and repost the request (no
problems here).

This scenario is kinda problematic for me, as the authentication check
is only performed when the entire request is complete and reached PHP.
So posting 5MB would result in posting 10MB for an unauthenticated
user.

Also, I use the nice stream wrapper 'php://input' in order to read the
posted binary contents, and again here I notice that the control is
passed to PHP only after the entire request had reached the server.

Any ideas on how to overcome this limitation ?

I'm using PHP 5.1 over Apache1.3 and Apache2.

Thx,
Avi

Hi Avi,

I do not know if that is possible, but why don't you simply make sure the
user is authenticated BEFORE offering the page that contains the file
upload?
That way the information is only send once.

Regards,
Erwin Moller

Thank you for your reply.
As mentioned, this is not a file upload page, but rather an API that
allows among other stuff sending file contents to the server.
All the actions in this API are discrete (i.e. indpendant of one
another) and on the client side the authentication is transparent to
the user and is carried out behind the scenes (in one case the client
is MS Wininet API for example).
It doesn't make sense to me that there are no equivalents to the Output
Control functions (ob_start and alike), for the input part.

What I'm asking for here is doable in Java, for instance, hence it
doesn't imply any deviation from the HTTP architecture or something
like that.

Rgrds,
Avi

.

Relevant Pages

  • Re: Is NTLM Authentication very expensive? (for bandwidth)
    ... request cause it has to do the challenge response, ... >> permissions and just using Integrated Authentication ... >> the server twice every time, once as anymous and once as ... because there are in total 57 failed anymous HTTP ...
    (microsoft.public.inetserver.iis.security)
  • urllib leaves sockets open?
    ... The router uses HTTP Basic authentication, ... The socket for the first request that failed is still ...
    (comp.lang.python)
  • Re: reading http request raw data as stream
    ... In my case I am implementing an API for my server side app. ... I also employ a Basic HTTP authentication as part of the API, meaning, ... that for every request I look for the authentication ...
    (php.general)
  • Re: XML/A Performance
    ... your theory seems to support our evidence. ... is being done for every request, ... confirms to the HTTP 1.1 spec), it gets a HTTP 401 status code and ... then it will resend with authentication; ...
    (microsoft.public.data.xmlanalysis)
  • Re: Design involving composition of inherited members.
    ... I am designing classes to work with an API. ... The API operates via XML ... Each API call involves sending a request and ... If the data packets' semantics are unique to each messageID, then each API method would know which particular serialization to use. ...
    (comp.object)