Tech Note: Safely Going Live with New Code

• Views: 1,833

Tonight’s geeked out post has to do with the difficulty of safely uploading changed web application files. Pretty sexy, huh?

When I make changes to one of the PHP scripts that drive the LGF Blog Engine, the new file has to be uploaded to the LGF web server, of course. The problem comes if someone happens to browse to that file while the upload process is taking place; this can lead to the browser being served corrupted data. The user may see a partial page load, an error, or just a blank screen in that case, and we all know how painful that can be.

The solution to this problem is known as a “file swap.” You upload the new file with a different temporary name, then rename the new file to the original name. This works because the Linux ‘mv’ command (which is used to rename files) does not actually rewrite any data; it simply changes the filename-to-inode mapping, so that the filename points to the new data. If the old file data is being read in the middle of this operation, it’s not a problem because the data continues to exist in its old location (for a while); the operating system doesn’t reallocate the inode and overwrite that data until all open file handles to it are closed.

In those long-ago days of yesteryear when the LGF Blog Engine was based on a flat file system, I used this swapping technique for almost everything, and solved some serious problems with race conditions that would occasionally wipe out files.

To finish off this short exercise in geekitude, here’s a bash shell script I use to automatically rename any recently uploaded temporary files.

(Note: when I upload a temporary file, I use the naming convention ‘filename.tmp.php’ so that the file is still a valid PHP file; this way if someone just happens to browse to it before it’s renamed, they won’t see a page full of PHP code. That would be annoying to them and a possible security problem for LGF.)

#!/bin/bash

# Rename LGF temp files to live versions

cd /path/to/weblog/folder/

if stat -t *.tmp.php >/dev/null 2>&1; then
    for tmp in *.tmp.php; do
        mv -i $tmp ${tmp/.tmp/}
    done
fi

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2023-04-04 11:11 am PDT
LGF User's Guide RSS Feeds

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal
Cash.app
Recent PagesClick to refresh
Why Did More Than 1,000 People Die After Police Subdued Them With Force That Isn’t Meant to Kill? An investigation led by The Associated Press has found that, over a decade, more than 1,000 people died after police subdued them through physical holds, stun guns, body blows and other force not intended to be lethal. More: Why ...
Cheechako
Yesterday
Views: 30 • Comments: 0 • Rating: 0
A Closer Look at the Eastman State Bar DecisionTaking a few minutes away from work things to read through the Eastman decision. As I'm sure many of you know, Eastman was my law school con law professor. I knew him pretty well because I was also running in ...
KGxvi
Yesterday
Views: 85 • Comments: 1 • Rating: 1