Re: Camping 2.0 - What's left?
I forgot to mention though, the signing just stops users from changing the session data without the server knowing, it doesn't stop them from reading it. Any data in the session when using the cookie sessions store only needs to be base64 decoded and unmarshaled with Ruby to find out what's inside.

As far as I'm concerned, any app that's keeping secrets from me about me is not the kind of app I want to be using anyway.

On 25/05/2008, at 1:43 PM, _why wrote:

> On Sun, May 25, 2008 at 12:25:08AM +0200, Magnus Holm wrote:
>> * The cookie session is named Camping::Session and is placed in camping/session.rb. Maybe this should be called Camping::CookieSession or???
>
> You know, these cookie sessions seem like they could be a problem. A lot of sessions would contain just the hash and the user name. So, spoof the user name and you're in, you know?
>
> _why

___
Camping-list mailing list
Camping-list@rubyforge.org
http://rubyforge.org/mailman/listinfo/camping-list
Re: Camping 2.0 - What's left?
On 25 May 2008, at 00:25, Magnus Holm wrote:

> * insert your wish

* Are deeply nested query arguments and tricky bits like checkbox arrays/param arrays handled properly (and in a Camping-compatible manner, AFAIK in Camping the first parameter wins as opposed to Rails) by Rack? What happens with file uploads?
* I loved Camping::H too much, don't see a big deal in wrapping the request/env hashes into it (also to avoid substantial code scavenging)
Re: Camping 2.0 - What's left?
On Sun, May 25, 2008 at 4:25 PM, Julian Tarkhanov [EMAIL PROTECTED] wrote:

> On 25 May 2008, at 00:25, Magnus Holm wrote:
>> * insert your wish
>
> * Are deeply nested query arguments and tricky bits like checkbox arrays/param arrays handled properly (and in a Camping-compatible manner, AFAIK in Camping the first parameter wins as opposed to Rails) by Rack?

Rack doesn't do anything special with queries ending in [] and [key], so we're cleaning it up in Base#initialize. It works with arrays and hashes, but not perfectly when they're nested. Could you write some examples of how they should be handled? Here's a helper to see what Camping does today: http://pastie.caboo.se/private/53towf4gox3di0k6c8zhw

I think we could use almost the same code if we just move it out to a helper and do some recursive magic.

> What happens with file uploads?

No idea! Maybe Christian Neukirchen can answer what Rack::Request does with it? There isn't any file-upload specific code in Camping now.

> * I loved Camping::H too much, don't see a big deal in wrapping the request/env hashes into it (also to avoid substantial code scavenging)

It would be easier to remove Camping::H for good, but I like #method_missing for getting out the values... Unless we want to get it under the 3kB-mark, I don't think it's worth removing it. We're far away from 4kB!

--
Magnus Holm
Camping 2.0 - What's left?
I've just sent a pull-request to _why with my changes[1] and here are some things that I think need to be done before a (possible) release:

* The cookie session is named Camping::Session and is placed in camping/session.rb. Maybe this should be called Camping::CookieSession or???
* The ActiveRecord session is named Camping::ARSession and is placed in camping/ar/session.rb. Maybe it should be called Camping::AR::Session or???
* The documentation of cookie sessions is just utterly wrong. Can someone clean it up?
* The documentation in camping-unabridged.rb and README are almost duplicates. camping-unabridged.rb should only be about the differences between camping.rb and camping-unabridged.rb, while README should be all about Camping (IMO). We must also add that apps should be run using Rack, and The Camping Server is only for development.
* The flipbook-template produces some weird output once in a while. See [2]. Anyone know RDoc-templates? We should also include all the methods in a list, since they're spread between Base, Helpers and Controllers. And Controllers won't be documented since it has a X = in front of it (doc-ability vs size?).
* Some investigating of how to use Camping with DataMapper, Sequel and Og, and if they require any glue. Should the other ORMs also have tables prefixed with the app name?
* What about a little guide of how to make your app Camping 2.0 compatible?
* Cleaning up the wiki to be 2.0 only?
* insert your wish

I'm not saying I won't do any of these things, I just want to push this code so others can contribute too. (I suck at docs + decisions).

Oh, and I've included `rake ruby_diff` which will use Ruby2Ruby to translate camping.rb and camping-unabridged.rb to proper Ruby and show a diff. Really useful when synchronizing the two files.

camping.rb is now at 3171 bytes (77% of 4kB)!

(I realize that we don't need to target all of these issues for 2.0, we must have something left for 2.1 :-)

[1] http://github.com/judofyr/camping
[2] http://camping.rubyforge.org/classes/Camping/H.html vs http://camping.rubyforge.org/classes/WEBrick.html

---
Magnus We're missing _why in #camping Holm
Re: Camping 2.0 - What's left?
On Sun, May 25, 2008 at 12:25:08AM +0200, Magnus Holm wrote:

> I've just sent a pull-request to _why with my changes[1] and here are some things that I think need to be done before a (possible) release:

It's been merged, great work, Magnus. I'm not quite to the point of addressing all of your questions, I'm just trying some of my old apps on this latest stuff.

So, what's the reason for getting rid of @env? Well, I see that Rack::Request is a wrapper for all those vars. I think I'm still going to allow @env, though, for compatibility with old apps.

_why
Re: Camping 2.0 - What's left?
On Sun, May 25, 2008 at 12:25:08AM +0200, Magnus Holm wrote:

> * The cookie session is named Camping::Session and is placed in camping/session.rb. Maybe this should be called Camping::CookieSession or???

You know, these cookie sessions seem like they could be a problem. A lot of sessions would contain just the hash and the user name. So, spoof the user name and you're in, you know?

_why
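Added example, not part of any message in this thread and not Camping's own code: a signed cookie session in the shape the thread describes (Marshal plus base64 with a keyed hash appended), covering both the "spoof the user name" question and the reply that signing does not hide the data. The `payload--digest` layout, HMAC-SHA256, and every name and value below are assumptions made for illustration.

```ruby
require "openssl"
require "base64"

# Assumed cookie layout (not Camping's actual format):
#   base64(Marshal.dump(session)) + "--" + hex HMAC-SHA256 of that base64 text
SECRET = "constructed-demo-secret" # constructed value; real apps load a random key

def sign_session(data, secret = SECRET)
  payload = Base64.strict_encode64(Marshal.dump(data))
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, payload)}"
end

# Client's view of its own cookie: no secret needed, the payload is
# only encoded, not encrypted.
def peek(cookie)
  Marshal.load(Base64.strict_decode64(cookie.split("--", 2).first))
end

# Compare digests without returning early on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Server side: verify the digest first, and only then unmarshal.
# Marshal.load must never run on bytes that failed verification.
def load_session(cookie, secret = SECRET)
  payload, digest = cookie.to_s.split("--", 2)
  return nil if payload.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  return nil unless secure_compare(digest, expected)
  Marshal.load(Base64.strict_decode64(payload))
end

# A client-side edit made without the secret: new payload, old digest.
def with_swapped_payload(cookie, new_data)
  "#{Base64.strict_encode64(Marshal.dump(new_data))}--#{cookie.split('--', 2).last}"
end

if __FILE__ == $0
  cookie = sign_session({ "user" => "alice" }) # constructed sample session
  p peek(cookie)                               # readable by the client
  p load_session(cookie)                       # accepted by the server
  p load_session(with_swapped_payload(cookie, { "user" => "admin" })) # rejected
end
```

The integrity check holds only while the secret stays on the server; anything that must stay hidden from the user belongs in a server-side store or an encrypted payload.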