My progress was recently stymied for a while by a server related issue, but I've got that sorted now.
Minor hiccup with the addition of the validation code. After its introduction, the policies table (assuming sqlstore) is expected to have the new 'accept' column. But when using an older sqlstore instance without an 'accept' column, the latest tiddlyweb master crashes on list_recipes because the 'accept' column doesn't exist. Don't know if the crash is due to postgres' strictness. I jumped in the database, manually added the column to the policies table, and was on my way. Just curious if you encountered the issue on an older store? I know this problem won't affect many people, and is limited to pre-existing stores, and might be further limited to just postgres. I don't know if the underlying issue of new versions of tiddlyweb demanding columns that don't exist in older store versions is going to occur frequently enough to warrant attention. Well this is just a problem I ran into in passing. Planning on posting about some other stuff soonish. On Jun 16, 10:45 pm, Martin Budden <[email protected]> wrote: > Makes sense. It's just a bit of a pity that we have to choose an > non-intuitive name to get the defaults the right way round. > > Martin > > 2009/6/16 [email protected] <[email protected]>: > > > > > On Jun 16, 2:48 pm, Martin Budden <[email protected]> wrote: > >> a (perhaps) stupid question > > > I thought we all agreed a long time ago that there are no stupid > > questions? > > >> Why do you call the policy constraint "accept"? You call the > >> constraint "accept", and validate if it is not set. > > >> Why not call the policy constraint "validate", and only validate when it > >> is set? > > > Basically because: > > > * We are theoretically able to enumerate those users for who we think > > content should be _accept_ without validation. Martin and Chris get > > their content through without change, everyone else (the infinite list > > of everyone else) gets their content validated. Or ANY user which is > > authenticated gets their content through without validation, the > > infinite unknowable everyone else does not. > > > * Where we can enumerate both those users that don't need validation, > > and those that do, it is presumed safer to whitelist rather than > > blacklist, as with blacklisting, the risk from making a mistake in the > > list is higher: damage is done to content. If I fail to include Martin > > in the whitelist, the only thing that happens is that Martin can't do > > what he wants to do, but the integrity of the system is maintained. > > > That make sense? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TiddlyWikiDev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/TiddlyWikiDev?hl=en -~----------~----~----~----~------~----~------~--~---
