[geeklog-devel] Circular group references

Tony Bibbs tony at tonybibbs.com
Mon May 19 12:02:41 EDT 2003 

Yes, you would have to regenerate teh cache.  You wouldn't necessarily 
have to do it for every gruop, just depends on how smart you make the 
caching code.

Yeah, sorry, I knew you got rid of the recursion.  You did that after I 
got the functions ported over to GL2's CVS tree so I need to move those 
changes over when I get a chance.

--Tony

 On Mon, 19 May 2003, Vincent Furia wrote:

> The changes I made to lib-security removed the recursive functions calls 
> that really slowed down the process of looing up group membership.  The 
> iterative process of group membership look up is pretty fast.  This 
> combined with the fact you'd have to merge these caches for people with 
> multiple group memberships and I don't think you'll see a significant 
> speed up in most cases.  While not necessarily difficult, keeping a 
> cache updated correctly in the database could introduce some 
> difficulties (would you have to regenerate the cache for every group 
> when you delete a single group, etc).
> 
> -Vinny
> 
> Tony Bibbs wrote:
> > Here is a unique suggestion related to all this.
> > 
> > Group-level security changes shouldn't happen all that often.  Given that, 
> > when changes are made to a group we should loop through all groups and 
> > build their membership in a cache field.  Then you get out of the business 
> > of expensive recursive calls on each page request.
> > 
> > Did that make sense?  Does it sound feasible?
> > 
> > --Tony
> > 
> >  On Sat, 17 May 2003, 
> > Vincent Furia wrote:
> > 
> > 
> >>Dirk Haun wrote:
> >>
> >>
> >>>Here's an interesting case I had:
> >>>
> >>>Someone wasn't able to log into his site any more. Geeklog went from
> >>>index.php to users.php and then seemed to sit there forever.
> >>>
> >>>As it turned out, he had set up a circular group reference, i.e. group A
> >>>was assigned to group B and group B to group A. So when someone who was
> >>>in one of those groups tried to log in, Geeklog went into an endless loop.
> >>>
> >>>The funny thing is that using Vincent's speed improvements in lib-
> >>>security.php enables you to log into such a site nonetheless. So
> >>>replacing lib-security.php with the version from CVS is one way to
> >>>resolve these problems.
> >>>
> >>
> >>In case anyone is curious, the reason my speed improvement doesn't get 
> >>caught in this loops is because as it creates the list of membership 
> >>groups, it checks to see if a group has already been added to the list 
> >>of groups, and if so, ignores it.
> >>
> >>I don't think there is any reason we necessarily need to restrict 
> >>circular group assignments, besides geeklog-1.3.7's logon problems 
> >>(which will be fixed in the next release by my lib-security speed 
> >>improvements) it really doesn't hurt anything.
> >>
> >>-Vinny
> >>
> >>
> >>>However, Geeklog shouldn't let you set up such dependencies in the first
> >>>place. Avoiding that, though, seems to be an interesting challenge ...
> >>>Any takers?
> >>>
> >>>bye, Dirk
> >>>
> >>>
> >>> 
> >>>
> >>
> >>_______________________________________________
> >>geeklog-devel mailing list
> >>geeklog-devel at lists.geeklog.net
> >>http://lists.geeklog.net/listinfo/geeklog-devel
> >>
> > 
> > 
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
> 

-- 
Tony Bibbs          "I guess you have to remember that those who don't
tony at tonybibbs.com  hunt or fish often see those of us who do as      
                    harmlessly strange and sort of amusing. When you  
                    think about it, that might be a fair assessment." 
                    --Unknown

More information about the geeklog-devel mailing list