From: <And...@Be...> - 2003-11-18 09:33:45
Hi Simon,

This is a problem which we tackled with the following 2 methods:

- using security with skip_security

  This one sounds weird, but it works. The idea is to issue the fetch_group with the skip_security=1 parameter and instead join in the security table with the appropriate object_class and object_id params. Here, only one select is done and only one fetch. Works like it should.

- using handler security and a config table

  Here, we are only using SPOPS for security to the handler, not the application data. This is then done within the app itself. To make this easy to configure, we sometimes use a configuration table (limited amount of entries), with standard SPOPS security on. Before the select on the application data is issued, you make a standard fetch_group on the config table and get the information you need to fetch only the data from the application data tables which the user may see.

In general, SPOPS is great for small tables, but the more data and the more groups you have, it breaks performance in standard mode. Both methods described above are performant and stable. Method 2 is cleaner and should be preferred, if possible.

Later,
Andreas

-----Original Message-----
From: Chris Winters [mailto:ch...@cw...]
Sent: Tuesday, 11 November 2003 00:19
To: Vsevolod (Simon) Ilyushchenko
Cc: ope...@li...
Subject: Re: [Openinteract-help] Bulk SPOPS security checks?

* Vsevolod (Simon) Ilyushchenko (si...@cs...) [031110 17:59]:
> I noticed that SPOPS security is invoked by retrieving the object first
> and checking its security later. Is there a way to shift the security
> checks down to the SQL level so that only objects readable by the
> current user are selected from the database?

The folks at Bertelsmann implemented something like this. Andreas?

Chris

--
Chris Winters (ch...@cw...)
Building enterprise-capable snack solutions since 1988
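
Method 1 from the message above (skip the per-object check and join the security table into the one SELECT), as an added example that is not from the original thread or from SPOPS itself. The table and column names, the level constants (1 none, 4 read, 8 write) and the user-over-group-over-world precedence are assumptions for illustration, and the sample rows are constructed.

```python
import sqlite3

READ = 4  # assumed level constants: 1 = none, 4 = read, 8 = write

def readable_docs(db, user_id, group_ids, need=READ):
    """Return (id, title) rows the user may read, using one SELECT."""
    # One bound placeholder per group; "NULL" keeps IN () valid and empty.
    marks = ",".join("?" * len(group_ids)) or "NULL"
    sql = f"""
        SELECT d.id, d.title
        FROM doc d
        JOIN security s ON s.class = 'doc' AND s.object_id = d.id
        WHERE (s.scope = 'u' AND s.scope_id = ?)
           OR (s.scope = 'g' AND s.scope_id IN ({marks}))
           OR  s.scope = 'w'
        GROUP BY d.id, d.title
        -- assumed precedence: user entry, else best group entry, else world
        HAVING COALESCE(MAX(CASE WHEN s.scope = 'u' THEN s.level END),
                        MAX(CASE WHEN s.scope = 'g' THEN s.level END),
                        MAX(CASE WHEN s.scope = 'w' THEN s.level END),
                        0) >= ?
        ORDER BY d.id"""
    return db.execute(sql, [user_id, *group_ids, need]).fetchall()

def sample_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE doc (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE security (class TEXT, object_id INTEGER, scope TEXT,
                               scope_id INTEGER, level INTEGER);
        INSERT INTO doc VALUES (1,'public'),(2,'team'),(3,'denied'),(4,'unlisted');
        INSERT INTO security VALUES
          ('doc',1,'w',NULL,4),   -- world may read
          ('doc',2,'g',10,4),     -- group 10 may read
          ('doc',3,'g',10,8),     -- group 10 may write ...
          ('doc',3,'u',7,1),      -- ... but user 7 is explicitly set to none
          ('doc',4,'u',99,4);     -- only user 99; no world entry
    """)
    return db

if __name__ == "__main__":
    db = sample_db()
    print(readable_docs(db, 7, [10]))   # user 7, member of group 10
    print(readable_docs(db, 8, []))     # user 8, no groups
```

Because the join is an inner join, an object with no matching security row is never returned, so the filter denies by default.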