httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Holsman <>
Subject Re: mod_auth[nz]_dbd password caching
Date Sat, 03 Dec 2005 23:51:27 GMT
Hi Phil,
A while back I wrote a auth wrapper which used a MD5 hash inside a 
cookie  to determine if the user was authenticated. If the cookie was 
invalid or not present it would fall back to the regular auth method (in 
your case a DB hit).
It also had a bit which sat just after the authentication section which 
would create the cookie on successful authentication.

If you would like I could see if I can find this.. I don't think I 
actually made use of it after I wrote it ;(

Phil Endecott wrote:
> Dear All,
> First of all, congratulation on the release of 2.2.
> I use mod_auth_pgsql at, and found a problem 
> earlier in the year.  To get reasonable performance you need to use the 
> module's caching mechanism, but this cache is not flushed or updated 
> when the database changes.  So things don't work properly when the user 
> changes their password.
> I started to think about fixing it myself but quickly realised that both 
> the database and authentication frameworks were changing in 2.1+ and 
> decided to wait before doing anything.  I now see that 2.2 has 
> mod_auth[nz]_dbd - great!
> However, as far as I can see from 
> and the source, 
> this new module doesn't do any caching.  Is this true?  To get the sort 
> of performance that I need for my site I really need in-memory caching 
> of passwords, but I also need to solve mod_auth_pgsql's non-updating 
> problem.  The solution to this is to use PostgreSQL's asynchronous 
> notification mechanism: the module issues a "LISTEN" command and is then 
> notified when the password table changes.  I don't know if the APR DB 
> interface has any support for this (it doesn't seem to be documented at 
> all at; even if it 
> does, it is not portable to other databases.
> Has anyone looked at this?  If no-one is working on this and you think 
> it would be a useful feature to add, I may be able to write something 
> with a bit of help.
> Cheers,
> --Phil.

View raw message