Message7587
Hi Marcus:
How well have you tested your changes to make sure that the lack of reinitialization
can't cause security issues?
It looks like a new client is created on every connect which I think should guarantee that
database access by a client is only done with proper access restrictions but the comment in
instance.open that says:
    # load the database schema
    # we cannot skip this part even if self.optimize is set
    # because the schema has security settings that must be
    # applied to each database instance
could a lack of a call to instance.open result in an incorrectly applied schema being used?
Ralf, ideas/concerns about applying this patch without tests less than three weeks
before the 2.2.0 release?
Ideas on how to test this? We do have test_live_server
but I am not sure how to test any side effects from this patch.
Also what is the effect of:
    with self.get_tracker() as tracker:
as a context handler in the original code? Does it do any close/cleanup/release of
resources?
It looks like preload() just calls get_tracker(). Is its role simply to prime the pump
and preload/precompile the tracker before the call to:
    with self.get_tracker() as tracker:
so that the cost isn't paid when the first connection is made?
-- rouilj

Date | User | Action | Args
2022-06-27 14:10:06 | rouilj | set | messageid: <1656339006.42.0.959406414021.issue2551212@roundup.psfhosted.org>
2022-06-27 14:10:06 | rouilj | set | recipients: + rouilj, schlatterbeck, marcus.priesch
2022-06-27 14:10:06 | rouilj | link | issue2551212 messages
2022-06-27 14:10:06 | rouilj | create |