> Dirk Verbeeck wrote: > > > > Jiantao Pan wrote: > > > > > I am using recent ( yesterday) build of slide and using > > > JDBCDescriptorsStore and mysql. The attached is my Domain.xml. > > > Everytime I startup the server, A new entry get inserted into the > > > permissions table with object ='/', subject = '/' and action = '/'. > > > Which means everybody can do any action on anything. > > > I think this probably happens on other database also. Any suggestions on > > > why this happens? > > > Thanks. > > > Jiantao > > > > There was already a report on this issue, but maybe we can now use bugzilla > > to log everything. > > http://nagoya.apache.org/bugzilla/ > > > > Can you help us debug the problem ? > > We think it's a problem with mysql not having transaction support. > > First of all you should use slidestore.mysql.MySQLDescriptorsStore > > this store doesn't need transaction support. > > > The problem here is exactly what I reported a few days ago: when > populating the stores from Domain.xml, slide inserts these temporary > permissions (which isn't a problem by itself). However, due to changes > in this code, they are _only_ removed by rolling back a transaction. > > Please, don't suggest using MySQLDescriptorsStore. Slide itself > _requires_ transactions to work with any degree of correctness or > reliability (that decision has been clearly made, and is reasonable, > it'd be a LOT of work to do things differently). Merely turning off > transactions so that it looks like you don't need them doesn't actually > fix the problem at all.
I agree that corectness and reliability will require transaction support, and we should encourage people to use transactional backends. I don't see the problem with giving some support for other popular solutions, however (like mySQL, here). And here, I consider the issue to be a bug (it's just too risky to rely on the rollback to remove the permission, since if it somehow doesn't work, it leaves a huge security hole). Remy
