[ZODB-Dev] RE: [Zope-Annce] ZODB 3.2.4 release candidate 1
released
Shane Hathaway
shane at hathawaymix.org
Thu Sep 9 23:17:05 EDT 2004
On Tuesday 07 September 2004 16:35 pm, Florent Guillaume wrote:
> This was changed to:
> try:
> ...stuff...
> except ConflictError:
> raise
> except:
> LOG('an error happened: %s' % sys.exc_info())
> # continue anyway as we "shouldn't fail"
> # or we "want to return a default value if we fail"
> ...rest...
>
> To make sure we didn't inadvertently catch something that could make the
> database inconsistent.
I'd like to point out another reason I think this approach to database
consistency is futile: restricted Python scripts can catch all exceptions,
including conflict errors. We could plug that "hole", but who knows when the
next will show up? This is a systemic problem.
Here is a solution I just stumbled upon this month: transactions should not
start implicitly in Zope. After you commit or abort a transaction, the
object system should be frozen until you explicitly begin the next
transaction with get_transaction().begin(). Attempts to change objects
between transactions should result in an immediate exception.
That way, conflict errors can simply abort the transaction without beginning a
new one. We will not have the partial transaction effect that we have today.
As a bonus, code that accidentally writes between HTTP requests will expose
itself.
Shane
More information about the ZODB-Dev
mailing list