Re: [Zope-dev] DCOracle2 Beta 3
On Saturday, June 16, 2001, at 08:41 PM, Andreas Repp wrote: > (quoting himself) >> ... To solve the performance problem I´d suggest to cache the user >> connections for a certain period of time. ... > > Of course I haven't meant to 'cache' the connections but to keep em > alive > while the respective user is active and shut it down after a timeout > period has passed. I was reading the Oracle9i OCI documentation (Oracle 9i was just released) and one of the interesting things it has is connection pooling, with some kind of proxy authorization. As I get a chance I may investigate this further; first to see if it works, then to get a feel for for how to integrate it into Zope. It looks like an extension of something you could already do, but the documentation is frustratingly light on examples. In any case, the promising part was that you could leave the proxied user's password blank, as long as session was authorized for proxies. That would eliminate the whole necessity of having to track the database level user passwords. > > ##default_connection_id=(changed via ZSQL manage_main Interface) > ##connection_type=[ standard | custom | optional ] > ##connection_options=(individual Oracle Connection String) > sql yada yada > > 'standard' = obvious > 'custum' = forced custom connection - will raise error if > connection_options > dont' have a valid connection string > 'optional' = try 'custom' and fallback to 'standard' if it fails > > btw: would be nice to have a drop box in the manage_main screen for this > stuff in a _far future_ release of ZSQL-Methods ;-) Well there are still userid mapping problems present. It's not necessarily reasonable to assume there is a 1:1 mapping between Zope userids and the database userids. What I'd probably be inclined to do is change the *connection* object to look for some other acquired authenticator, which it could use to start a session. That way you can write your own authentication conversions and plug them in. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] DCOracle2 Beta 3
Sorry, but there were some mistakes in my last posting... >... To solve the performance problem I´d suggest to cache the user > connections for a certain period of time. ... Of course I haven't meant to 'cache' the connections but to keep em alive while the respective user is active and shut it down after a timeout period has passed. >enhanced ZSQL-example: >##(new)connection_id=, >##arguments=ID,NAME I also know that this will hardly ever work ;-) Maybe this shot would do a better job: ##default_connection_id=(changed via ZSQL manage_main Interface) ##connection_type=[ standard | custom | optional ] ##connection_options=(individual Oracle Connection String) sql yada yada 'standard' = obvious 'custum' = forced custom connection - will raise error if connection_options dont' have a valid connection string 'optional' = try 'custom' and fallback to 'standard' if it fails btw: would be nice to have a drop box in the manage_main screen for this stuff in a _far future_ release of ZSQL-Methods ;-) I noticed that a SQL 'COMMIT' is hardcoded into (old) ZOracle/DCOracle1 code - this would'nt have any more sense if all mentioned is possible but surely you know this. Andy -- Andreas Repp [EMAIL PROTECTED] Leibniz Rechenzentrum Muenchen www.lrz.de -- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] DCOracle2 Beta 3
> On the far-out front, a few people have asked how you might do > user-specific connections to the database (ie instead of pooling by a > common connection, you individually authenticate to Oracle with your > own password). Clearly, cloning the base Connection object would be > fairly straighforward, but authenticating it to Oracle would not be, > as the user password wouldn't be available. If anyone feels strongly > about that (ie you have a notion on how you would make it work and/or > you need it),feel free to write me. From a performance standpoint it > would be terrible, but security auditors would love it. Hello Matthew, I think this feature would be most useful ! Since I am no (not yet ;-) zope-product developer I can't help you integrating this kind of stuff but I think I can give you some thoughts about it: Of course it would be a great advantage from a security point of view but it would also make it possible to use Oracle's transaction machinery. This would make it much easier for users of OR-mapping products (ie ZPatterns) to wrap insert, update, delete SQL methods into an user Oracle transaction. (I don't know witch impact it would have on products like OracleStorage ...) That way several of above mentioned SQL methods can be aborted in the end without interfering with other users´ actions. Without user based connections this would only be possible, if at all, with a high coding effort. To solve the performance problem I´d suggest to cache new user connections for a certain period of time. To be at all able to transfer the DB-user connection string I´d propose to use a structure similar to Pythonscript for the ZSQL methods. enhanced ZSQL-example: ##(new)connection_id= ##arguments=ID,NAME insert into SAMPLE (ID,NAME) values ( , ) (I know that dtml inside the pythonscipt-header is not evaluated but the product developer should be able to make it work that way ...) I assume that this might be a backward compatible approach to solve the issue until some greater spirit has thought about it. A session based connection would be useful as well, but I guess that are dreams of the future ;-) as allways: any comment is very appreciated Andy -- Andreas Repp [EMAIL PROTECTED] Leibniz Rechenzentrum Muenchen www.lrz.de -- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
OracleStorage? Re: [Zope-dev] DCOracle2 Beta 3
Are there any plans to port OracleStorage over to use DCOracle2? John On Tuesday 12 June 2001 10:46, Matthew T. Kromer wrote: > For all of you (or at least, BOTH of you) Oracle users out there, > I packed up DCOracle2 Beta 3 this morning, including Z Oracle Stored > Procedures as part of ZOracleDA. > > It can be found in the usual place, > > http://www.zope.org/Members/matt/dco2 > > This isn't much different from Beta 2 except for some SP tweaks and the > Z Oracle Stored Procedures, except that the NT builds are release > versions with Oracle 8i (e.g. SP discovery code) features enabled -- > when I built Beta 2 I goofed the build and packaged a debug release > without the 8i specific features on. > > I'll confess that I'm not a heavy user of Stored Procedures, so your > mileage may vary; particulary when using IN/OUT binds where type > conversions need to take place from unweildy Oracle native types (like > SQLT_NUM.) > > If you play with the stored procedure objects in Zope, it's probably > worth pointing out that the default permissions won't include execute > permission -- you have to specifically enable that for non-manager roles. > > On the far-out front, a few people have asked how you might do > user-specific connections to the database (ie instead of pooling by a > common connection, you individually authenticate to Oracle with your own > password). Clearly, cloning the base Connection object would be fairly > straighforward, but authenticating it to Oracle would not be, as the > user password wouldn't be available. If anyone feels strongly about > that (ie you have a notion on how you would make it work and/or you need > it), feel free to write me. From a performance standpoint it would be > terrible, but security auditors would love it. > > > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) -- . . . . . . . . . . . . . . . . . . . . . . . . John D. Heintz | Senior Engineer 1016 La Posada Dr. | Suite 240 | Austin TX 78752 T 512.633.1198 | [EMAIL PROTECTED] w w w . d a t a c h a n n e l . c o m ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] DCOracle2 Beta 3
For all of you (or at least, BOTH of you) Oracle users out there, I packed up DCOracle2 Beta 3 this morning, including Z Oracle Stored Procedures as part of ZOracleDA. It can be found in the usual place, http://www.zope.org/Members/matt/dco2 This isn't much different from Beta 2 except for some SP tweaks and the Z Oracle Stored Procedures, except that the NT builds are release versions with Oracle 8i (e.g. SP discovery code) features enabled -- when I built Beta 2 I goofed the build and packaged a debug release without the 8i specific features on. I'll confess that I'm not a heavy user of Stored Procedures, so your mileage may vary; particulary when using IN/OUT binds where type conversions need to take place from unweildy Oracle native types (like SQLT_NUM.) If you play with the stored procedure objects in Zope, it's probably worth pointing out that the default permissions won't include execute permission -- you have to specifically enable that for non-manager roles. On the far-out front, a few people have asked how you might do user-specific connections to the database (ie instead of pooling by a common connection, you individually authenticate to Oracle with your own password). Clearly, cloning the base Connection object would be fairly straighforward, but authenticating it to Oracle would not be, as the user password wouldn't be available. If anyone feels strongly about that (ie you have a notion on how you would make it work and/or you need it), feel free to write me. From a performance standpoint it would be terrible, but security auditors would love it. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
