Re: [Fwd: Re: svn commit: r466865 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_authn_dbd.xml modules/aaa/mod_auth.h modules/aaa/mod_authn_dbd.c modules/aaa/mod_authnz_ldap.c]
. On 10/29/2006 01:50 PM, Graham Leggett wrote: Ruediger Pluem wrote: Does it really make sense to put this in the same environment namespace? What if we have rows with the same name here and for the password query? Shouldn't the prefix be AUTHN_PREFIX + (USER_|PASSWORD_)? My understanding of the code is that only one password query is ever executed - is this correct? Yes, this is correct. It is set by AuthDBDUserPWQuery. What sql statement would correspond with USER_ above? The one set by AuthDBDUserRealmQuery. It is used inside authn_dbd_realm OK, USER_ might the wrong word, but we definitely have two possible different queries with possible the same field names which are put in the same environment namespace. Regards RĂ¼diger
Re: [Fwd: Re: svn commit: r466865 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_authn_dbd.xml modules/aaa/mod_auth.h modules/aaa/mod_authn_dbd.c modules/aaa/mod_authnz_ldap.c]
Ruediger Pluem wrote: Yes, this is correct. It is set by AuthDBDUserPWQuery. What sql statement would correspond with USER_ above? The one set by AuthDBDUserRealmQuery. It is used inside authn_dbd_realm OK, USER_ might the wrong word, but we definitely have two possible different queries with possible the same field names which are put in the same environment namespace. My understanding of the code is that either the realm query will get run, or the password query will get run - otherwise we would be checking the password twice. AUTHENTICATE_ entries are only added to the environment for the second and subsequent columns in each query. If two sql queries are being done, then the admin need only add the extra columns to one of the queries. If this is ever a problem, the admin can simply give the second query different column names to the first, assuming there are two queries at all. The point behind the AUTHENTICATE_ is that it is the same as that of mod_authnz_ldap. If you put the sql ones in different namespaces, then it seriously reduces the usefulness of putting this info in the environment, as users of this information now have to care which module did the authz and authn. Regards, Graham -- smime.p7s Description: S/MIME Cryptographic Signature
Re: [Fwd: Re: svn commit: r466865 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_authn_dbd.xml modules/aaa/mod_auth.h modules/aaa/mod_authn_dbd.c modules/aaa/mod_authnz_ldap.c]
On 10/29/2006 03:47 PM, Graham Leggett wrote: Ruediger Pluem wrote: Yes, this is correct. It is set by AuthDBDUserPWQuery. What sql statement would correspond with USER_ above? The one set by AuthDBDUserRealmQuery. It is used inside authn_dbd_realm OK, USER_ might the wrong word, but we definitely have two possible different queries with possible the same field names which are put in the same environment namespace. My understanding of the code is that either the realm query will get run, or the password query will get run - otherwise we would be checking the password twice. Ok, this is true. I have not checked that before. password query is for basic auth and realm query is for digest auth. I don't think that they get used in the same request AUTHENTICATE_ entries are only added to the environment for the second and subsequent columns in each query. If two sql queries are being done, then the admin need only add the extra columns to one of the queries. If this is ever a problem, the admin can simply give the second query different column names to the first, assuming there are two queries at all. Yes, but the rows selected could be different and thus the contents of the fields, but as stated above it is very very unlikely that both queries are run for the same request, so this does not matter. The point behind the AUTHENTICATE_ is that it is the same as that of mod_authnz_ldap. If you put the sql ones in different namespaces, then it seriously reduces the usefulness of putting this info in the environment, as users of this information now have to care which module did the authz and authn. This is clear. I was just worried that we overwrite the contents of one of the AUTHENTICATE_ variables we just written a stage before, but as this is not the case there is no point in having different namespaces and thus reducing usefulness. Regards RĂ¼diger
