On Thu, Aug 4, 2011 at 9:15 AM, Matt Feifarek <[email protected]> wrote: > On Thu, Aug 4, 2011 at 12:44 AM, Mike Orr <[email protected]> wrote: >> >> The transaction should fail when the update query is run, not when it >> commits. So you shouldn't set the 'authenticated' flag until the query >> finishes without error. > > Good advice, but not possible in this case; I'm using ZODB...
[Slaps head.] I'm so used to SQLAlchemy I forgot that pyramid_tm originated in Zope/ZODB. > I kinda feel like there is still a larger question here, though... using > transaction manager, code that is executed in a view callable doesn't > *really* finish till after the users' function is over... so there's no > chance of cleaning up if the transaction fails. > I guess what is likely to happen is an exception, and in production, that > would lead to a blank 500 error, which is the right thing. But because it's > kinda unpredictable what has actually happened in the view callable, it's > hard to write safe code... which means that the safe way is to manage ones > own transactions when there is sensitive code, which means that maybe > transaction manager itself is not a good fit? I hope not, because I like it. > We can fix session storage to be transaction aware; maybe some kind soul > will (maybe me)... but I can think of other dangerous code > inconsistencies... say a database-dependent security check is required > before a user is allowed to delete a file on the filesystem... Well, again, what's a concrete case where this has been a problem? In sites where users upload files attached to database records, there's a possibility that the file is modified and the database record isn't, but I have an application that's been doing that for six years and this has never come up. Commit failures themselves are pretty rare , except for cases where the autoincrement-sequence has gotten out of sync, the data is too long for the field, or there's a Unicode error or unexpected null. And those are bugs in themselves that have to be fixed, so it's not surprising if there's collateral damage when they fail. -- Mike Orr <[email protected]> -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
