[Zope-DB] per user connection with SQLRelay

Andreas Kaiser kaiser at xo7.de
Mon Aug 4 09:48:00 EDT 2003 

On Fri, 2003-08-01 at 15:50, Matthew T. Kromer wrote:
> Well, thats the right general idea.
> The problem is that when it needs to connect, you're going to have to 
> lean on an acquisition wrapper somewhere to locate some thread globals
> (ie AUTHENTICATED_USER) and grab state based on that user key.

Okay. So I could use a (private) dictionary with {'user':'pass'}
elements in my DA subclass and provide a (protected) method to add an
entry to that dictionary. I would call this method when a user logs in.
So far so good.

I still don't understand how to get access to AUTHENTICATED_USER. I
think my problem is the "acquisition wrapper". Could you please point me
to an example?

> You basically do not have the opportunity to prompt for the SQL
> userid & password, so you need to get those values established in
> advance by another page, and stored in a persistent object keyed on
> authenticated user so you can pick it up later.
 

That's no problem, as I subclassed SimpleUserFolder to authenticate
against an Oracle instance. So I also have the page where I could set
user/pass.

> Needless to say, I dont like storing passwords, even in memory.

Of course. ...


Thanks again,
Andreas

> 
> Andreas Kaiser wrote:
> 
> >Hi all!
> >
> >
> >I want to have per-user database connections to Oracle 8/9 from Zope.
> >The best approach i've found so far was described in a thread on this
> >list in December 2002:
> >
> >http://mail.python.org/pipermail/zope-db/2002-December/001176.html
> >
> >Dieter suggests to use SQLRelay and to 'create a DA variant that
> >switches users in its "register" method'. 
> >
> >This is from ZSQLRelayDA/db.py:
> >
> >  class DB(TM):
> >
> >    def _begin(self):
> >        self.con = PySQLRDB.connect(self.host, self.port, 
> >                                    self.socket,  self.user,
> >                                    self.password,0,1)
> >        self.cur = self.con.cursor()
> >
> >    def _finish(self, *ignored):
> >        self.con.commit()
> >        self.con.close()
> >
> >    def _abort(self, *ignored):
> >        self.con.rollback()
> >        self.con.close()
> >
> >As far as I understand Zope's transaction management, each request
> >consists (at least) of one transaction and every transaction is
> >completed within one request.
> >
> >If this is true, I could provide the authentification arguments to
the
> >PySQLRDB.connect method.
> >
> >1. Is this true?
> >
> >2. How can I get the needed values? I'm for sure totally blind, but I
> >   really don't see how to access them from this class/method...
> >
> >
> >tia,
> >Andreas
>

More information about the Zope-DB mailing list