Gregory (Grisha) Trubetskoy
grisha at modpython.org
Thu Apr 7 12:36:28 EDT 2005
I'd like to hear some explanation of the problem with DBM sessions first.

Also - how hard is it to make the code below attempt to unpickle arbitrary
stuff (potential security problem)?

grisha

On Thu, 7 Apr 2005, Nicolas Lehuen wrote:

> Hi,
>
> Your code seems perfect to me. We could indeed add an extra hash to
> the directory name so that all sessions do not end in the same
> directory ; but I guess this is not needed on modern FS like ReiserFS
> or WinFS.
>
> Also, the unlink call in do_delete needs an "os." to be correct...
>
> If everybody is OK I could integrate your class into the Session.py
> module, so that it becomes a standard session implementation in the
> next release. Grisha, Graham, what do you think ?
>
> Just as a note, the DbmSession relies on the anydbm module ; maybe the
> crappy performance was due to the fact that anydbm reverted to a
> crappy implementation, not the fastest (?) Berkeley-DB based one.
>
> Regards,
>
> Nicolas
>
> On Apr 7, 2005 5:01 PM, dharana <dharana at dharana.net> wrote:
>>
>>
>> Graham Dumpleton wrote:
>>>
>>> On 07/04/2005, at 8:08 PM, dharana wrote:
>>>
>>>> If you want I can send my modified Session.py with the new FileSession
>>>> class for review.
>>>
>>>
>>> There probably shouldn't have been a need for you to copy/modify the actual
>>> Session.py file which came with mod_python as your derived version could
>>> live quite happily in its own module and simply use the installed Session
>>> module.
>>>
>>
>> I presumptuously thought that it could fit into the official mod_python
>> package due to its high performance when compared to DbmSession.
>>
>>
>>> Anyway, by all means post your code as sure it will be of interest to
>>> someone, if not now then maybe in the future. If there are any problems
>>> in what you have done, someone is also bound to point it out.
>>>
>>
>> Here it goes. Please point out any obvious problem. Apart from being new
>> to mod_python I'm also new to Python in general. For example, I don't
>> think the exception handling I've put is completely correct.
>>
>> In anticipation for any possible attachment problems I pasted it
>> directly. (I have read PEP 0008 and the 4 spaces indentation level
>> recommendation but I'm in a hurry right now, sorry.)
>>
>> --- FileSession.py -----------------------------------------------------
>> import cPickle
>> import tempfile
>> from time import time
>>
>> from mod_python import Session
>>
>> tempdir = tempfile.gettempdir()
>>
>> class FileSession(Session.BaseSession):
>>
>>     def __init__(self, req, sid=0, secret=None, timeout=0, lock=1):
>>
>>         Session.BaseSession.__init__(self, req, sid=sid, secret=secret,
>>                                      timeout=timeout, lock=lock)
>>
>>     def do_cleanup(self):
>>         import os
>>
>>         # is there any faster way of doing this?
>>         for f in os.listdir(tempdir):
>>             if f.find('mp_sess_', 0, 11) == -1:
>>                 continue
>>
>>             fp = file('%s/%s' % (tempdir, f))
>>             dict = cPickle.load(fp)
>>             fp.close()
>>
>>             if (time() - dict['_accessed']) > dict['_timeout']:
>>                 os.unlink('%s/%s' % (tempdir, f))
>>
>>     def do_load(self):
>>         try:
>>             # again, is there a more pythonic way of doing this check?
>>             fp = file('%s/mp_sess_%s' % (tempdir, self._sid))
>>         except Exception:
>>             return None
>>         else:
>>             try:
>>                 data = cPickle.load(fp)
>>                 fp.close()
>>                 return data
>>
>>             except Exception:
>>                 fp.close()
>>                 pass
>>
>>     def do_save(self, dict):
>>         fp = file('%s/mp_sess_%s' % (tempdir, self._sid), 'w+')
>>         cPickle.dump(dict, fp)
>>         fp.close()
>>
>>     def do_delete(self):
>>         try:
>>             unlink('%s/mp_sess_%s' % (tempdir, self._sid))
>>         except Exception:
>>             pass
>> ------------------------------------------------------------------------
>>
>> --
>> Juan Alonso
>> http://gamersmafia.com | http://laflecha.net
>>
>> _______________________________________________
>> Mod_python mailing list
>> Mod_python at modpython.org
>> http://mailman.modpython.org/mailman/listinfo/mod_python
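Added example, not code from this thread or from mod_python: one way to keep a file-backed session store from ever unpickling bytes it did not write, in Python 3. It checks the session id against a strict pattern before building the path, and stores JSON under an HMAC tag that is verified before anything is parsed. The names SafeFileStore and demo(), the 32-hex-character sid format and the key value are assumptions made for the illustration.

```python
import hmac
import json
import os
import re
import tempfile

SID_RE = re.compile(r"[0-9a-f]{32}")  # assumed sid format: 32 hex characters

class SafeFileStore:
    """Hypothetical file-backed session store; not mod_python's API."""
    def __init__(self, directory, key):
        self.directory, self.key = directory, key  # key: server-side secret
        os.makedirs(directory, mode=0o700, exist_ok=True)

    def _path(self, sid):
        # Only a plain hex sid reaches the filesystem, so a cookie cannot steer the path.
        if not isinstance(sid, str) or not SID_RE.fullmatch(sid):
            raise ValueError("invalid session id")
        return os.path.join(self.directory, "mp_sess_" + sid)

    def _tag(self, sid, body):
        # Binding the tag to the sid stops one session file replacing another.
        return hmac.new(self.key, sid.encode() + b"\n" + body, "sha256").hexdigest().encode()

    def save(self, sid, data):
        body = json.dumps(data, sort_keys=True).encode()
        fd = os.open(self._path(sid), os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as fp:
            fp.write(self._tag(sid, body) + b"\n" + body)

    def load(self, sid):
        try:
            with open(self._path(sid), "rb") as fp:
                tag, _, body = fp.read().partition(b"\n")
        except OSError:
            return None
        # Authenticate first: only bytes this server wrote are ever parsed.
        if not hmac.compare_digest(tag, self._tag(sid, body)):
            return None
        return json.loads(body)

def demo():
    # Constructed sample: save a session, then alter the file on disk.
    store = SafeFileStore(tempfile.mkdtemp(), b"constructed-demo-key")
    sid = "0123456789abcdef" * 2
    store.save(sid, {"user": "alice"})
    before = store.load(sid)
    with open(store._path(sid), "ab") as fp:
        fp.write(b" ")
    return before, store.load(sid)
```

load() raises ValueError on a malformed sid rather than returning None, so the caller can treat it as a bad request instead of a missing session.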