httpd-dev mailing list archives

From r...@imdb.com (Rob Hartill)
Subject notes on 1.1b4 authorization and table_set() function calls. (fwd)
Date Mon, 24 Jun 1996 23:23:08 GMT

not acked.



Message-Id: <199606242253.SAA26896@kci.kciLink.com>
To: Apache Bugs <apache-bugs@mail.apache.org>
Subject: notes on 1.1b4 authorization and table_set() function calls.
Date: Mon, 24 Jun 1996 18:53:12 -0400
From: Vivek Khera <khera@kci.kciLink.com>

I was just playing around trying to make some more optimizations to my msql
authorization module, and noticed this interesting effect.

Given a directory protected only by group authorization, fetching the
directory name (forcing use of the implied index.html file) the group
authorization check is called twice for the index.html file.  For example:

Given the directory a2 in document root.  htaccess says to authenticate using
group ``admin'':

<Limit GET POST>
require group admin
</Limit>


And the srm.conf has this search list:

DirectoryIndex index.html index.shtml index.phtml index.cgi index.htm

When fetching http://www.govcon.com/a2/ Apache will request the group list for:

 /a2/
 /a2/index.html
 /a2/index.html

then serve up the document.  Note that it requests the group list twice for
the document it does find.  I printed out the URI (r->uri) of the request in
the check_auth handler function -- this is how many times that function is
called in my module by Apache per HTTP request.

If index.html does not exist, it will use index.shtml, in which case the
server calls check_auth with the URI set to each of:

 /a2/
 /a2/index.html
 /a2/index.shtml
 /a2/index.shtml

However, if I request /a2/index.shtml directly, it only calls check_auth
exactly once as expected for that URI.

I haven't looked into the complexity of this just yet, but it would seem to me
it makes more sense to test for the existence of the file *before* testing for
authorization of access to the file.  I'm sure people who rely heavily on
authorization would agree, too.  This would greatly reduce the number of hits
on the authorization database for access to a file that doesn't exist.



Secondly, I notice that at many places you call table_set() with the third
parameter as pstrdup(...) when table_set() does that for you already.  Not a
big deal as the space will be reclaimed rather quickly, but it does seem to be
an expensive operation to do given that it will just be pstrdup()'d again
immediately.

Thanks for your attention.

								v.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                        Khera Communications, Inc.
Internet: khera@kciLink.com               Rockville, MD       +1-301-258-8292
PGP/MIME spoken here                      http://www.kciLink.com/home/khera/

----- End of forwarded message from Vivek Khera -----

-- 
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb)  http://www.imdb.com/
           ...more movie info than you can poke a stick at.
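
A stand-alone C model of the call sequence reported in the message above, added here as an example (it is not Apache source and not the author's module): it counts group-database queries for one GET of /a2/ with and without a memo that lives only for that request. `db_user_in_group`, the `check_auth` signature, the user names and the memo are assumptions.

```c
#include <stdio.h>
#include <string.h>
static int db_hits;   /* queries sent to the group database */

/* Hypothetical stand-in for the module's group query (constructed data). */
static int db_user_in_group(const char *user, const char *group) {
    db_hits++;
    return strcmp(user, "vivek") == 0 && strcmp(group, "admin") == 0;
}

/* Memo that lives for ONE HTTP request only, so a membership change is
   picked up on the next request. */
struct memo { char user[64], group[64]; int valid, allowed; };

static int check_auth(struct memo *m, const char *uri,
                      const char *user, const char *group) {
    printf("  check_auth %s\n", uri);
    if (m && m->valid && !strcmp(m->user, user) && !strcmp(m->group, group))
        return m->allowed;
    int ok = db_user_in_group(user, group);
    /* Cache only names that fit: a truncated key could match another user. */
    if (m && strlen(user) < sizeof m->user && strlen(group) < sizeof m->group) {
        strcpy(m->user, user);          /* lengths checked just above */
        strcpy(m->group, group);
        m->allowed = ok; m->valid = 1;
    }
    return ok;
}

static const char *const dir_index[] = { "/a2/index.html", "/a2/index.shtml",
    "/a2/index.phtml", "/a2/index.cgi", "/a2/index.htm" };

/* Database queries for one GET of /a2/ when dir_index[found] (found in 0..4)
   is the first candidate that exists; call order follows the reported trace. */
static int hits_for_get(const char *user, int found, int use_memo) {
    struct memo memo = { "", "", 0, 0 }, *m = use_memo ? &memo : NULL;
    db_hits = 0;
    if (!check_auth(m, "/a2/", user, "admin")) return db_hits;
    for (int i = 0; i <= found; i++)        /* one check per candidate tried */
        if (!check_auth(m, dir_index[i], user, "admin")) return db_hits;
    check_auth(m, dir_index[found], user, "admin");   /* file being served */
    return db_hits;
}

int main(void) {
    printf("no memo: %d queries\n", hits_for_get("vivek", 1, 0));
    printf("memo:    %d queries\n", hits_for_get("vivek", 1, 1));
    return 0;
}
```

The memo reduces database load while leaving authorization ahead of the file-existence test, so responses to unauthenticated clients do not change.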
