From: Chuck E. <Chu...@ya...> - 2001-11-12 14:23:35
|
On Tuesday 23 October 2001 03:30 pm, Ken Lalonde wrote: > Here's a set patches to Webware (CVS as of today), > which I hope will be useful to others. > The changes are: > * WebKit/Session.py: > Improve security by making the session identifier > harder to guess. Accepted. I put the generation in Funcs.MiscUtils.uniqueId() so that it can be used for UserKit's User's externalId as well. I also kept the YYYYMMDDHHMMSS prefix which I have found useful when looking at the Sessions/ directory. > * WebKit/SessionFileStore.py: > Avoid concurrent session file update woes, which may cause > pickle.load exceptions, by writing to a temporary > file, then renaming. Accepted. This is a big improvement, but I still think we have a flaw in that 2 open browser windows from the same user could update the same session at nearly the same time, with the second one clobbering the first one's results. I put a comment in the code about this. No one has cried "bloody murder" about this yet, because it's a rare event. > * WebKit/UnknownFileTypeServlet.py: > Handle HEAD requests a little better. Accepted. > * WebKit/Application.py: > New method: getDbConnection(), which returns > a (pooled) database connection. > Requires 3 new Application.config settings, e.g.: > 'DbModule': 'PgSQL', # your fav DB-API v2.0 module > 'DbConnect':'::mydb:me', # DB connection string > 'DbConnections': 5, # concurrent connections > Connections in the pool are closed at application > shutdown, in the interest of database hygiene. > I prefer this method over Cans, because it's simpler, > it centralizes the DB stuff in one place, and it's the sort > of natural functionality WebKit should support out of the box. Rejected. As evidenced by discussion, this doesn't seem generic enough to meet everyone's needs. I suggest a Python module or WebKit plug-in and/or Wiki page until this settles into something most people feel good about. > * MiscUtils/DBPool.py: > Added shutDown method, as described above. Postponed. The method itself looks useful, but I'm hesitant about the except: that catches everything. What exceptions were you expecting? Can we catch these? > * WebKit/HTTPServlet.py: > Attempts to mirror the Webware site I'm working on > using "wget -m" caused a KeyError in HTTPServlet.respond(), > because WebKit doesn't support the HTTP HEAD method > (a mandatory part of the protocol). > Changed to return a "501 Not Implemented" status > if the subclass doesn't define the method. > I also added a default respondToHead method, which is > correct but inefficient. Accepted. I tweaked to have a dictionary that caches the self method for an HTTP method string in the belief that this will be a little faster.; however, I have no benchmarks. These are good changes, but changes nonetheless. For those of you that use Webware CVS, please update, test and report any problems. > Cheers, - Ken Lalonde, Torus Inc. Thanks! -Chuck |