perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From peder...@meridian-enviro.com
Subject Re: [RFC PATCH BUG DBI] Apache::AuthDBI broken
Date Tue, 04 Apr 2006 00:19:11 GMT
I just noticed one additional tweak that would be worth adding to your list:

It would be good to add "DISTINCT" to the group select statement...  That
is, change (after my patch):
  my $select    = "SELECT $Attr->{grp_field}, $Attr->{uid_field}";
to:
  my $select    = "SELECT DISTINCT $Attr->{grp_field}, $Attr->{uid_field}";

Consider the following setting:

  PerlSetVar Auth_DBI_grp_whereclause    "users.superuser = 'Y' OR
(users.id = user_groups.user_id AND user_groups.group_id = groups.id)"

This currently results in a *VERY* long list of groups when a superuser
logs in.  :)

I don't think there's any down-side to adding DISTINCT.  (Is it standard
sql?  I think it probably is, but I don't have a reference.)  If there
is, it would be worth adding another yes/no knob to the config.

Thanks!


> pedersen@meridian-enviro.com wrote:
>> The newest version of Apache::AuthDBI is broken.  When used under
>> Apache 1, it has compile-time errors introduced with Apache 2
>> compatability.  This diff fixes that, and also some older problems:
>>
>>   - fixes case sensitivity of usernames and passwords
>>   - fixes O(n) search of database when using case insensitive usernames
>>   - cleans up several warnings that flooded apache's error log
>>   - added () around configurable where clauses so putting an OR in the
>> where-clause don't have surprising behavior.
>>
>> Can someone commit it?
>>
>> Thanks fellas
>>
>> PS.  I also posted the attached diff in case it gets garbled:
>>
>> http://bilbo.hobbiton.org/AuthDBI.diff
> I'm the maintainer.  I'm working with svn.perl.org to get the svn commit
> bit
> in place I can Import all the releases that have happened since .94.
> After
> that I've got a string of things to fix/add.
>
> I'll tac this to the list.
>
>
> --
> ------------------------------------------------------------------------
> Philip M. Gollucci (pgollucci@p6m7g8.com) 323.219.4708
> Consultant / http://p6m7g8.net/Resume/resume.shtml
> Senior Software Engineer - TicketMaster - http://ticketmaster.com
> 1024D/A79997FA F357 0FDD 2301 6296 690F  6A47 D55A 7172 A799 97F
>
> "It takes a minute to have a crush on someone, an hour to like someone,
> and a day to love someone, but it takes a lifetime to forget someone..."
>
>



Mime
View raw message