Re: [Zope] Screwy permissions problem has me stumped
On Thursday 23 March 2006 21:24, Andrew Milton wrote: Every TAL call pretty much creates a new security context, which is why it's hitting the DB so often (this is why it's best to turn on caching in XUF even for 5 or 10 seconds if you're using a 'slow' auth mechanism). In the Paramaters tab in my XUF acl_users folder, I have: Credential Cache Timeout in Seconds (0 for No Caching) : 30 Negative Credential Cache Timeout in Seconds (0 for No Caching): 5 and yet I'm still seeing several identical queries per second in my database logs. Shouldn't those settings enable the cache? I'm not sure why it's using your username and not their own though, without actually looking at your setup. XUF just executes the lookups based on what Zope tells it to do. Thanks. I'll look into VerboseSecurity to see if I can figure out why it really, really wants to auth as me. -- Kirk Strauser The Day Companies ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Screwy permissions problem has me stumped
+---[ Kirk Strauser ]-- | On Thursday 23 March 2006 21:24, Andrew Milton wrote: | | Every TAL call pretty much creates a new security context, which is why | it's hitting the DB so often (this is why it's best to turn on caching in | XUF even for 5 or 10 seconds if you're using a 'slow' auth mechanism). | | In the Paramaters tab in my XUF acl_users folder, I have: | | Credential Cache Timeout in Seconds (0 for No Caching) : 30 | Negative Credential Cache Timeout in Seconds (0 for No Caching): 5 | | and yet I'm still seeing several identical queries per second in my database | logs. Shouldn't those settings enable the cache? Yes, but, only if you're successfully logged in... Negative cache prevents lookups on previously known bad users.. -- Andrew Milton [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Screwy permissions problem has me stumped
+---[ Kirk Strauser ]-- | My Zope server uses exUserFolder and PostgreSQL for authentication. I | turned on query logging today for unrelated reasons, and noticed an almost | continuous stream of queries: [snip] | Now, ourcustomer has full rights to the invoices folder and all files | in it, but they can't execute the title_or_id method on objects inside. | Also, how on Earth did my username get dragged into this? As the main site | developer, I own all the objects in the site, but I don't have any odd Proxy | access set up. I can't figure out why customers are trying to call | title_or_id as me in the first place, let alone why it fails. Any insight? Every TAL call pretty much creates a new security context, which is why it's hitting the DB so often (this is why it's best to turn on caching in XUF even for 5 or 10 seconds if you're using a 'slow' auth mechanism). I'm not sure why it's using your username and not their own though, without actually looking at your setup. XUF just executes the lookups based on what Zope tells it to do. -- Andrew Milton [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )