From: Philippe G. <phi...@an...> - 2006-02-07 11:30:33
|
Hi all, Here is a patch that correct the problem, Adam Retter a =C3=A9crit : >Sure, that would be great, or if this is the begining of a long and >beautiful eXist patching relationship them maybe it would be more >pertinent if you contact wolfgang and ask for developer memebership, you >could then commit to CVS yourself? > > =20 > I do not know if i have enough time to become an eXist commiter, but i=20 will think about it. >Whichever, please make sure you test your patched eXist thoroughly, im >wandering if there is more than one piece of code that makes use of >these session variables? It would need to be changed at least here and >at login, logout and anywhere else the username and password are >read/written from/to the session... > >Most of the developers hang out in #existdb on irc.freenode.net - might >be worth a visit... > >Thanks Adam. > >On Tue, 2006-01-31 at 19:11 +0100, Philippe Gassmann wrote: > =20 > >>Adam Retter a =C3=A9crit : >> >> =20 >> >>>I agree with Wolfgang, I write my applications entirely in XQuery... >>> >>>I have also encountered this problem, I was previously storing a nodes= et >>>of a users data in session("user"), which caused problems with eXist >>>REST xquery admin application. >>> >>>What I would recommend is changing the names of these session variable= s >>> =20 >>> >>>from the simple "user" "password" names to something like "_eXist_user= " >> =20 >> >>>and "_eXist_password" to prevent easy future collisions... >>> >>>=20 >>> >>> =20 >>> >>Good idea, do you want me to provide a patch ? >> >> =20 >> >>>thanks Adam. >>> >>> >>>On Tue, 2006-01-31 at 16:40 +0100, Philippe Gassmann wrote: >>>=20 >>> >>> =20 >>> >>>>Wolfgang Meier a =C3=A9crit :=20 >>>> =20 >>>> >>>> =20 >>>> >>>>>=20 >>>>> =20 >>>>> >>>>> =20 >>>>> >>>>>>I think it's clearly a bad idea to take the user used to do xquerie= s >>>>>> =20 >>>>>> >>>>>>from the session. In most application there will be no relation bet= ween >>>>> =20 >>>>> >>>>>>the db user and the user of the application. >>>>>> =20 >>>>>> =20 >>>>>> >>>>>> =20 >>>>>> >>>>>If users have write access to the database (which is the case for mo= st >>>>>of my applications), the application user will often be identical to >>>>>the database user. And as I tend to write my entire applications in >>>>>XQuery, I need a way to dynamically change the user that is currentl= y >>>>>running the query. >>>>> >>>>>=20 >>>>> =20 >>>>> >>>>> =20 >>>>> >>>>Humm ! An application written entirely in XQuery, great ! >>>>I only use eXist to store or retrieve XML data and Cocoon to process >>>>it, as it would be done in a classical SQL database. >>>>To dynamically change the user you could do something like this :=20 >>>><map:generate type=3D"xquery" src=3D"..."> >>>> <map:parameter name=3D"user" value=3D"{session:attributes/user}"/>= =20 >>>></map:generate> >>>>The code is ready to do things like this (in the setup() method, you >>>>get the user from the sitemap parameters and default user are taken >>>> =20 >>>> >>>>from the configure() function). >>> =20 >>> >>>> =20 >>>> >>>> =20 >>>> >>>>>Wolfgang >>>>> >>>>> >>>>>=20 >>>>> =20 >>>>> >>>>> =20 >>>>> >>>>--=20 >>>>Philippe=20 >>>> =20 >>>> >>>> =20 >>>> >>>------------------------------------------------------- >>>This SF.net email is sponsored by: Splunk Inc. Do you grep through log= files >>>for problems? Stop! Download the new AJAX search engine that makes >>>searching your log files as easy as surfing the web. DOWNLOAD SPLUNK= ! >>>http://sel.as-us.falkag.net/sel?cmd=3Dk&kid=103432&bid#0486&dat=121642 >>>_______________________________________________ >>>Exist-open mailing list >>>Exi...@li... >>>https://lists.sourceforge.net/lists/listinfo/exist-open >>>=20 >>> >>> =20 >>> >> =20 >> > > >------------------------------------------------------- >This SF.net email is sponsored by: Splunk Inc. Do you grep through log f= iles >for problems? Stop! Download the new AJAX search engine that makes >searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! >http://sel.as-us.falkag.net/sel?cmd=3Dk&kid=103432&bid#0486&dat=121642 >_______________________________________________ >Exist-open mailing list >Exi...@li... >https://lists.sourceforge.net/lists/listinfo/exist-open > =20 > --=20 Philippe GASSMANN |