| Gregory (Grisha) Trubetskoy 2005-04-07, 5:58 pm |
|
On Thu, 7 Apr 2005, Nicolas Lehuen wrote:
> Grisha, the dbm implementation is pickling to the dbm which stores in
> a file.
Indeen it does, I some for reason did not think about it.
As a sidenote, I think this shows how important it is to always explain
everything in English (rather than code) and have lots of comments.
With this implementation - is there still any advantage to usnig a DBM at
all?
I still think that security needs to be addressed slightly better -
perhaps explicitely setting permissions - perhaps putting sessions in a
subdirectory only readable, writable and executable by apache user would
make it a bit cleaner. The current mod_python DBMSession does not
explicitely set permissions which is a problem. (though inserting a bad
pickle into dbm is slightly harder than just just writing a file and then
calling a url that you know will cause mod_python to attempt to unpickle
it)
Also, I don't see any locking here, I think it's needed.
Lastly - this discussion belongs on the python-dev@httpd list really :-)
Grisha
> It's an extra layer of implementation, so reduced performances
> can be expected.
>
> BTW, both implementation could save time and space by pickling with
> the protocol 2 instead of the protocol 0.
>
> Regards,
> Nicolas
>
> On Apr 7, 2005 6:26 PM, Gregory (Grisha) Trubetskoy
> <grisha@modpython.org> wrote:
>
|