httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Pane <bri...@apache.org>
Subject Re: Fixed htpasswd?
Date Sat, 14 Sep 2002 09:00:59 GMT
On Fri, 2002-09-13 at 20:55, William A. Rowe, Jr. wrote:
> That wasn't all that was borked here.  This file is a total mess, and
> needs to be entirely refactored.  We are trapping on situations that
> are not errors and shouldn't be expected to work (fail to open a non
> existant file for append?  Duh.)  And we entirely fail to look for errors
> and report them when we should.  The Apache project put its name
> behind this code?  Bleck.
> 
> I've gone ahead and committed the fixes I proposed earlier, including
> undoing all the bogus perror()'s.  With luck I will attack again tomorrow
> morning.  Until this code is modestly respectable, -1 on 2.0.41.

I just committed a few fixes.  The logic is functionally correct
now, and somewhat cleaner.  It could use some testing under Windows,
to make sure my changes to the file calls are portable.

There's one remaining major problem that I see:  We really should
be doing a rename(2) (and whatever its equivalent is on win32) to
atomically replace the old file with the temp file.  Otherwise,
there's a race condition if the old file is being read by an httpd
at the same time.  But htpasswd has always had this race condition,
including the 1.3 version, so I'm -1 on putting the atomic-rename
change in the critical path of the 2.0.41 release.  (The atomic
rename would require that we put the temp file in the same filesystem
as the target file, which would require some new logic and would
introduce some new error modes.)

Brian



Mime
View raw message