On 20/03/2008, Xavier Bestel xavier.bestel@free.fr wrote:
> Just as a datapoint, I have been very disappointed with Drupal's performance until I got rid of that private filesystem thing. Filtered access through Drupal (5.x) and direct access (i.e. just Apache) are like day and night in terms of speed. Previously I could watch my acidfree galleries display one thumbnail per second; now the whole page displays instantly.
Yeah, it isn't a good solution for popular pages that require lots of images to be downloaded to display, as each image is a whole new Drupal bootstrap. Private downloads turns a gallery listing that was 1 Drupal bootstrap and 20 Apache downloads into 21 Drupal bootstraps, which is a whole lot more server load (up to 20x more).
But it is good for standalone downloads (e.g. not on-page images) that don't get downloaded that often but still need protection. It doesn't add much extra load in that scenario.
> I understand the /system/ dir is needed for access control, but the way it's implemented looks suboptimal to me. Not that I have a better idea right now.
There isn't much that can be done about that. If Drupal needs to decide whether or not to allow access to the file, Drupal needs to be bootstrapped.
One (security through obscurity) possibility that might work for some sites: your public downloads could be protected by Apache checking for "authorised" Referer headers. If the Referer header contains URL(s) that only authorised Drupal users can get to, you could assume they were authorised to download the files.
An unauthorised visitor would have to forge those headers to get around that. Although it is only "security through obscurity", that should be enough of a barrier for most sites/webmasters to be happy with.
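
The Referer check suggested in the reply above, modelled as an added example that is not part of the original thread and is not Drupal or Apache code. The host name, path prefixes and sample headers are assumptions constructed for illustration; the point is how a literal "contains" test differs from a parsed comparison, and what neither can tell apart.

```python
from urllib.parse import urlsplit

# Assumed values: the site's host and the Drupal paths that only
# authorised users can reach (hypothetical, not from the thread).
SITE_HOST = "www.example.org"
AUTHORISED_PREFIXES = ("/members/", "/gallery/private/")


def naive_check(referer):
    """Literal reading of 'the header contains the URL': a substring test."""
    if not referer:
        return False
    return any(SITE_HOST + p in referer for p in AUTHORISED_PREFIXES)


def strict_check(referer):
    """Parse the header, then compare scheme, host and path prefix exactly."""
    if not referer:
        return False  # also denies legitimate clients that omit the header
    try:
        parts = urlsplit(referer)
    except ValueError:
        return False  # malformed header value
    if parts.scheme not in ("http", "https"):
        return False
    if (parts.hostname or "").lower() != SITE_HOST:
        return False
    return parts.path.startswith(AUTHORISED_PREFIXES)


# Constructed sample headers: label -> Referer value as received.
SAMPLES = {
    "authorised page": "https://www.example.org/members/gallery",
    "no header": None,
    "other site": "https://other.test/page",
    "site URL inside a query string": "https://other.test/?u=www.example.org/members/",
}


def evaluate():
    """Return {label: (naive_result, strict_result)} for the samples."""
    return {k: (naive_check(v), strict_check(v)) for k, v in SAMPLES.items()}


if __name__ == "__main__":
    for label, (naive, strict) in evaluate().items():
        print(f"{label:32} naive={naive!s:5} strict={strict}")
```

Both functions accept the first sample whether or not the client ever visited that page, since the header is supplied by the client; that is the limit the reply describes as security through obscurity.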