Revision history for ApacheDBI.
0.87 September 28, 1999
- fix for the usage of the environment variable DBI_DSN
introduced in 0.86 was still incomplete.
0.86 September 27, 1999
- in AuthDBI remove check of configured data_source in order to allow
the usage of the environment variable DBI_DSN. Bug spotted by
Oleg Bartunov <oleg@sai.msu.su>.
- applied patch from Matt Loschert <loschert@servint.com>,
which avoids 'Use of uninitialized value ...' in Apache::DBI.
- added new attribute 'Auth_DBI_encryption_salt' as proposed by
Nathan Clemons <nathan@windsofstorm.net>.
Per default this is set to 'password' which will use the password
as salt for the crypt function. Setting this to 'userid' will use
the userid as salt.
- fixed bug with setting Auth_DBI_nopasswd to 'on', spotted by
"Sigurjon Olafsson" <sigurjon@gm.is>.
0.85 August 24, 1999
- change separator of Auth_DBI_data_source, Auth_DBI_username and
Auth_DBI_password from comma to tilde, in order to avoid clashes
with embedded attributes in data_source.
Bug spotted by Oleg Bartunov <oleg@sai.msu.su>.
- applied patch to Apache::DBI.pm from Tim Bunce <Tim.Bunce@ig.co.uk>
which solves the problem that Apache::DBI did not return a ref cursor.
0.84 August 21, 1999
- combine Apache::AuthenDBI and Apache::AuthzDBI into one package
Apache::AuthDBI.
- discard Apache::DebugDBI. Debugging can be enabled by setting
the variables Apache::AuthDBI::DEBUG and Apache::DBI::DEBUG to
appropriate values.
- the attribute 'Auth_DBI_cache_time' has been discarded. The
cache time now has to be configured upon server startup using the
method setCacheTime(n).
- optionally use shared memory for the cache used for authentication
and authorization as proposed by Rauznitz Balazs <jomagam@yahoo.com>.
- make the PerlCleanupHandler, which cleans the cache in Apache::AuthDBI,
configurable. Per default it is switched off.
- connect attributes for authentication and authorization may be a
list of several servers, all of which will be used until the first
connect succeeds.
Proposed by Matt Loschert <loschert@servint.com>.
- the PerlCleanupHandler in Apache::DBI.pm, which is supposed
to initiate a rollback in case AutoCommit is off, will only be
created, if the initial data_source sets AutoCommit to 0.
- fixed bug with empty password, which didn't fall through for
authoritative = off, spotted by "Graham Johnson" <graham@iii.co.uk>.
- analogous to the environment variables REMOTE_GROUPS and REMOTE_GROUP
the selected passwords and the matched password are put into the
environment variables REMOTE_PASSWORDS and REMOTE_PASSWORD.
Proposed by Jochen Wiedmann <joe@ispsoft.de>.
- add traces.txt, which serves as reference for the debug output.
0.83 August 08, 1999
- make ping configurable, proposed by
Gunther Birznieks <gunther@nhgri.nih.gov>
- change $user_sent_quoted to $user_sent when checking for
placeholders (Michael Smith <mjs@iii.co.uk>)
- bug-fix for encrypted passwords, which have never been taken
from the cache. Spotted by Yves BLUSSEAU <yves.blusseau@sncf.fr>.
0.82 June 03, 1999
- bug-fix spotted by "Dale Manemann" <manemann@dubuque.net>:
correct the password handling for the case, where the password has
been changed in the database and the old password is still cached.
- proposal from Honza Pazdziora <adelton@informatics.muni.cz>:
add PerlCleanupHandler in Apache::DBI, which issues a rollback
unless AutoCommit is on.
- changed behavior of AuthzDBI: the first match of a
requirement is sufficient for successful authorization.
Prior to this release, all requirement lines had to
be fulfilled.
- proposal from Rauznitz Balazs <jomagam@yahoo.com>:
new function all_handlers() in Apache::DBI.pm. Returns
all cached database handles, so that other handlers can
perform tasks on them.
- proposal from Michael Smith <mjs@iii.co.uk>: new
configuration option Auth_DBI_placeholder. Setting this
option to true, will use placeholders for the given userid
in the SELECT statements. This will speedup database access.
- proposal from "Jordi 'Matematic' Salvat" <jordi@webarna.com>:
replace AuthName with a summary of all attributes relevant
for the select statements. This still keeps the userid entries
in the cache unique, but solves the problem with different
AuthNames which eventually forces the user to authenticate
several times.
- new configuration option Auth_DBI_expeditive from
"Jordi 'Matematic' Salvat" <jordi@webarna.com>.
When authorization fails, AuthzDBI returns AUTH_REQUIRED
as default. With Auth_DBI_expeditive set to "on" it returns
FORBIDDEN if access is denied. Hence this can be distinguished
from the case, where the user just mistyped the password.
- applied patch from Ask Bjoern Hansen <ask@valueclick.com>:
get rid of some annoying "Use of uninitialized value ..."
- applied patch from Joshua Chamas <joshua@chamas.com>:
use eval{ping} to prevent using an invalid database handle.
- added 'use Apache;' to Apache::DBI.pm as proposed by
Michael Smith <mjs@iii.co.uk>.
- implemented multiple passwords per userid as proposed by
dan hammer <dhammer@verio.net>.
- applied patch for case-insensitive user-ids from
<grussell@wiley.com>.
- implement proposal from Honza Pazdziora <adelton@informatics.muni.cz>:
Auth_DBI_casesensitive replaced by Auth_DBI_uidcasesensitive and
Auth_DBI_pwdcasesensitive.
- applied patch from fdc@cliwe.ping.de (Frank D. Cringle):
prevent "Use of uninitialized value warning" in error.log.
- work-around for mod_perl problem spotted by Mike Hayward
<hayward@loup.net>: when building mod_perl as dso, Apache::DBI
was always skipping the connection cache.
0.81 Sep 08, 1998
- Cache entries consider the AuthName to distinguish
between identical user-ids in different authorization
realms.
0.80 Jul 26, 1998
- applied patch from Anto Prijosoesilo <anto@inet.co.th>:
change second argument for crypt function from $salt
to $passwd in order to be compatible with BSD.
- applied patch for Apache::DBI.pm from Randy Harmon
<rjharmon@uptimecomputers.com>: reject database connect
during server startup.
- call CleanupHandler in Authen DBI and AuthzDBI only if
cache_time is configured.
0.79 Jun 06, 1998
- implemented a simple caching mechanism in AuthenDBI as
well as in AuthzDBI. Per default this cache is disabled
and can be enabled by setting Auth_DBI_cache_time > 0.
YOU NEED AT LEAST VERSION apache_1.3b6 !
- applied patch from Jeff Baker <jeff@godzilla.tamu.edu>
fix menu item for DBI connections that are made using
the Oracle TNS listener.
- implemented proposal from Leslie Mikesell <les@Mcs.Net>
change group-handling in AuthzDBI. All groups related to
the given user are selected at once and then put into a
comma-separated list. This list is compared with the
required groups.
Depending upon the existence of Auth_DBI_grp_table, the
SQL-select looks either in the pwd_table or in the
grp_table for the groupid. PLEASE CHECK THE MODULE
DOCUMENTATION AND YOUR .htaccess !
0.78 February 18, 1998
- applied patch from "B. W. Fitzpatrick" <fitz@onShore.com>
DBI calls connect always with 4 parameters, even if they
are empty. This results in an error with DBD-Informix.
- added '$dbh->disconnect' before 'return SERVER_ERROR;'
(fyodor@mp.aha.ru <Fyodor Krasnov>).
- added optional where-clause in AuthenDBI as well as
in AuthzDBI (Helmut Patay <Helmut.Patay@mch.sni.de>).
0.77 January 18, 1998
- applied patches from Doug MacEachern:
o new method Apache::DBI->connect_on_init()
o set environment variable REMOTE_GROUP in AuthzDBI.pm.
0.76 December 18, 1997
- removed unused variable from AuthzDBI.pm
0.75 November 02, 1997
- strip trailing blanks from password for
fixed-length data type
- new token: 'Auth_DBI_casesensitive'
(Hakan Tandogan <hakan@iconsult.com>
- fixed bug when using attributes in connect method
- fixed bug which appeared with perl5.004_04
0.74 August 15, 1997
- new module: AuthzDBI for Authorization,
(supports group authorization)
- complete rewrite of AuthenDBI.
- configuration directives and functionality
of both modules are supposed to be identical
with mod_auth_msql of the apache daemon.
- adapted to new DBI connect syntax
- changed names of config vars to be more
consistent with other authentication modules.
PLEASE ADAPT YOUR CONFIGURATION !!!
0.73 July 15, 1997
- fixed bug in DBI.pm: check return value of connect
0.72 July 13, 1997
- added logging option to AuthenDBI
0.71 July 01, 1997
- debugging is now controlled by a global variable
0.7 July 01, 1997
- changed the way of initiating debug output
0.6 May 20, 1997
- fixed bug which caused a disconnect with some
DBD-drivers (Oracle,...)
0.5 May 16, 1997
- applied patches from Stephen E Kane <skane@cse.psu.edu>
0.4 May 13, 1997
- fixed check for first internal request in
AuthenDBI.pm
0.3 May 5, 1997
- make AuthenDBI to be a separate module
- adapt to new DBI, so code changes are not
required anymore for persistent connections
0.2 Apr 6, 1997
- unused methods deleted
- AuthenDBI integrated
- method for disconnect added
- menu item for Apache::Status added
0.1 Mar 15, 1997
- creation