[geeklog-devel] Circular group references

Tony Bibbs tony at tonybibbs.com
Mon May 19 11:13:07 EDT 2003


Here is a unique suggestion related to all this.

Group-level security changes shouldn't happen all that often.  Given that, 
when changes are made to a group we should loop through all groups and 
build their membership in a cache field.  Then you get out of the business 
of expensive recursive calls on each page request.

Did that make sense?  Does it sound feasible?

--Tony

 On Sat, 17 May 2003, 
Vincent Furia wrote:

> Dirk Haun wrote:
> 
> >Here's an interesting case I had:
> >
> >Someone wasn't able to log into his site any more. Geeklog went from
> >index.php to users.php and then seemed to sit there forever.
> >
> >As it turned out, he had set up a circular group reference, i.e. group A
> >was assigned to group B and group B to group A. So when someone who was
> >in one of those groups tried to log in, Geeklog went into an endless loop.
> >
> >The funny thing is that using Vincent's speed improvements in lib-
> >security.php enables you to log into such a site nonetheless. So
> >replacing lib-security.php with the version from CVS is one way to
> >resolve these problems.
> >
> In case anyone is curious, the reason my speed improvement doesn't get 
> caught in this loops is because as it creates the list of membership 
> groups, it checks to see if a group has already been added to the list 
> of groups, and if so, ignores it.
> 
> I don't think there is any reason we necessarily need to restrict 
> circular group assignments, besides geeklog-1.3.7's logon problems 
> (which will be fixed in the next release by my lib-security speed 
> improvements) it really doesn't hurt anything.
> 
> -Vinny
> 
> >
> >However, Geeklog shouldn't let you set up such dependencies in the first
> >place. Avoiding that, though, seems to be an interesting challenge ...
> >Any takers?
> >
> >bye, Dirk
> >
> >
> >  
> >
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
> 

-- 
Tony Bibbs          "I guess you have to remember that those who don't
tony at tonybibbs.com  hunt or fish often see those of us who do as      
                    harmlessly strange and sort of amusing. When you  
                    think about it, that might be a fair assessment." 
                    --Unknown





More information about the geeklog-devel mailing list