[ZODB-Dev] non-transactional undo
Toby Dickenson
tdickenson at geminidataloggers.com
Tue Jun 17 15:00:56 EDT 2003
On Tuesday 17 June 2003 13:40, Barry Warsaw wrote:
> > I think the repozo.py tool (FileStorage backup tool that I didnt know
> > about until this morning!) isnt safe because of non-transactional undo
> > (and possibly other reasons - I stopped reviewing)
>
> Actually, it ought to be "safe" by virtue that if the md5 checksums of
> the incremental backups don't match the same span of bytes in the
> Data.fs file, repozo will perform a full backup.
I dont think it checksums the whole file, and a non-transactional undo might
have only changed a byte right at the start.
If it does have to read the whole file to md5 it, then I think that
disqualifies it as an *incremental* backup ;-)
> > Can we set a schedule for removing it in ZODB3?
> > If not removing it, inhibiting it by default.
>
> I believe Zope 2.something already defaults to transactional undo. I
> don't remember what the "something" is, but "someone" might. So you
> should only be vulnerable when using older Zopes or applications that
> themselves default to non-transactional undo.
Its not the default, but it is accessible. It might be possible for a
malicious user to use it to intentionally break a backup. (Its not easy to
test an incremental backup, so I think paranoia is appropriate here)
--
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson
More information about the ZODB-Dev
mailing list