Revision history for ApacheDBI.
1.03 08/21/2006
- MP1: Undefined subroutine &Apache2::Const::OK called at
Apache/AuthDBI.pm line 906.
Submitted by: [Philip.Garrett@manheim.com]
Reviewed by: Kevin A. McGrail (ThoughtWorthy Media, Inc.)
- http://rt.cpan.org/Ticket/Display.html?id=20809
avoid a warnings caused by debug statements
Reported by: Vladimir S. Tikhonjuk <vst@vst.donetsk.ua>
1.02 08/02/2006
- http://rt.cpan.org/Ticket/Display.html?id=20808
s/denug/debug/ typo in Apache::AuthDBI
Submitted by: Vladimir S. Tikhonjuk <vst@vst.donetsk.ua>
1.01 06/04/2006
- Re-release as non developer release.
No changes from 1.00_01.
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
1.00_01 05/29/2006
- As DBI has supported only perl 5.6.0 since 2003
v1.38 Apache::DBI now requires perl 5.6.0 as well.
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
- Fix a plethora of uninitialized variable warnings,
general code cleanup, don't import unneeded symbols
from Carp, Digest::SHA1, and Digest::MD5
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
- http://rt.cpan.org/Ticket/Display.html?id=17073
$sth->rows is inconsistent across DBD::* drivers
and sometimes always returns 0. We were using
this to distinguish between a blank password and
no passwd. Now we don't call this function.
Reported by: rkimmelmann@web.de
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
- http://rt.cpan.org/Ticket/Display.html?id=17422
a fatal error involving mp1, mp2 constants co-existance
was fixed in AuthDBI.
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
- http://rt.cpan.org/Ticket/Display.html?id=17446
under mod_perl 2, the check to skip caching connections
at server startup was broken; thus, causing children
to incorrectly share dbh handles with the parent.
Submitted by: clinton@traveljury.com
- http://rt.cpan.org/Ticket/Display.html?id=19491
a critical return was missing connect() under mod_perl2
Submitted by: perrin@elem.com
- Moved module's repository to its new home in SVN from CVS
http://svn.perl.org/modules/Apache-DBI
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
0.9901 08/19/2005
- Fix the versioning blunder of .100 < .99
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
- Account for the case of mp1 and mp2 installed
in the same perl tree. The evals were not playing
nice with modules like Apache::SSI, Apache::SessionManager.
Sumitted by: [Frank Maas <frank.maas@cheiron-it.nl>]
Tweaked/reviewed by: [Philip M. Gollucci <pgollucci@p6m7g8.com>]
0.100 08/10/2005
- Move $Idx from a file-scoped variable to a connect() scoped
variable, which gets passed to other subroutines as needed.
This will ensure that the cleanup/rollback feature will work
properly when a script uses more than one database handle to the
same database.
[Joe Thomas <joet@tellme.com>]
- Fixed issues relating to changing handle state post
connection. Handles now returned in same state as original and incomplete
transactions rolled back before re-issuing handle so.
Submited by: [Joe Thomas <joet@tellme.com>]
Contributed by: [Patrick Mulvany <paddy@firedrake.org>]
- Fix a () bug in the connect() determining whether we must ping
the database. PingTimeOut = 0 now works as documented.
Submited by: [Joe Thomas <joet@tellme.com>]
Contributed by: [Patrick Mulvany <paddy@firedrake.org>]
0.99 08/03/2005
- Turn off Debugging by default.
Reported by <jonanderson@seren.com>
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
0.98 06/30/2005
- Fix MP2 issue with $Apache::Server::Starting
Reported by Vincent Moneymaker vbmonymaker@hotmail.com
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
0.97 06/27/2005
- Fix minor use strict bug in make test
[Philip M. Gollucci <pgollucci@p6m7g8.com>]
- Fixed a bug in salt calculation
Kevin A. McGrail (ThoughtWorthy Media, Inc.)
- Added Auth_DBI_encryption_method configuration. Supports md5 hex, sha1 hex & crypt and will support fallback.
Other encryption methods can be added by modifying the subroutine get_passwds_to_check
Kevin A. McGrail (ThoughtWorthy Media, Inc.)
- MP2/MP1 Constants compatability fixes in AuthDBI
Kevin A. McGrail (ThoughtWorthy Media, Inc.)
- Added a feature 'Apache::AuthDBI->setProjID(1)' to set a Shared
Memory Project ID when using the shared memory caching.
Kevin A. McGrail (ThoughtWorthy Media, Inc.)
- Fixed an MP2 problem when Debug is set to 2 changing is_main() to main() call
Kevin A. McGrail (ThoughtWorthy Media, Inc.)
- Added a few more Debug statements including the Semaphore ID in hex to use ipcs
Kevin A. McGrail (ThoughtWorthy Media, Inc.)
0.96 04/19/2005
- Account for the recent mod_perl2 API renaming
[Philip M .Gollucci <pgollucci@p6m7g8.com>]
0.95 04/01/2005
- Avoid "The object isn't defined" error during "make test" if
we can't connect to the test database.
0.94 February 17, 2004
- Fix use of uninitialized value warnings when passed an
"undef" attribute (thanks to Trevor Schellhorn)
- Minor POD cleanups
0.93 January 10, 2004
- Always check $dbh->ping if the PingTimeOut is 0.
(thanks to Dennis Ingram <Dennis.Ingram@tab.co.nz>)
- Change $r->connection->user to $r->user to make AuthDBI work
with mod_perl 2.0 (thanks to Neil MacGregor <nmacgr@ca.ibm.com>
and Brian McCauley <nobull@cpan.org>)
- removes the requirement for IPC::SysV to be installed if you
don't actually use it. Remove support for mod_perls without
push_handler support (Thanks to Brian again)
- improve tests (based on patch from Geoffrey Young
<geoff@modperlcookbook.org>; thanks Geoff!)
0.92 August 11, 2003
- Avoid use of uninitialized value warning under mod_perl 2.
- Make the tests compatible with DBI >= 1.33 (thanks to Paul
MacAdam <paul.macadam@intransa.com>)
0.91 February 17, 2003
- Retagged and released the 0.90_02 beta as 0.91. No code
changes.
0.90_02 January 10, 2003
- Changes to make Apache::DBI load and function under mod_perl
2.0. A few important notes: connect_on_init does not work yet
and there's no automatic RollBack cleanup handler when
autocommit is turned off.
0.90_01 January 10, 2003
- Only call Apache::Status if Apache.pm is completely loaded
(so you can load Apache::DBI outside the mod_perl environment)
- Make Test::More a prerequisite so we can do real tests
- Make DBI.pm a prerequisite
- Add a simple, but real, test script. Requires DBD::mysql
and a test database
0.89 June 17, 2002
- fix bug that occasionally made Apache::DBI connect several
times to the database even when DSN and attributes were the
same.
- Updated links and such in the documentation
0.88 January 12, 2001
- fix bug in child_init: consider 0 as valid result for a
semaphore id.
- remove defined(@array), which is depreceated in perl5.6
0.87 September 28, 1999
- fix for the usage of the environment variable DBI_DSN
introduced in 0.86 was still incomplete.
0.86 September 27, 1999
- in AuthDBI remove check of configured data_source in order to allow
the usage of the environment variable DBI_DSN. Bug spotted by
Oleg Bartunov <oleg@sai.msu.su>.
- applied patch from Matt Loschert <loschert@servint.com>,
which avoids 'Use of uninitialized value ...' in Apache::DBI.
- added new attribute 'Auth_DBI_encryption_salt' as proposed by
Nathan Clemons <nathan@windsofstorm.net>.
Per default this is set to 'password' which will use the password
as salt for the crypt function. Setting this to 'userid' will use
the userid as salt.
- fixed bug with setting Auth_DBI_nopasswd to 'on', spotted by
"Sigurjon Olafsson" <sigurjon@gm.is>.
0.85 August 24, 1999
- change separator of Auth_DBI_data_source, Auth_DBI_username and
Auth_DBI_password from comma to tilde, in order to avoid clashes
with embedded attributes in data_source.
Bug spotted by Oleg Bartunov <oleg@sai.msu.su>.
- applied patch to Apache::DBI.pm from Tim Bunce <Tim.Bunce@ig.co.uk>
which solves the problem that Apache::DBI did not return a ref cursor.
0.84 August 21, 1999
- combine Apache::AuthenDBI and Apache::AuthzDBI into one package
Apache::AuthDBI.
- discard Apache::DebugDBI. Debugging can be enabled by setting
the variables Apache::AuthDBI::DEBUG and Apache::DBI::DEBUG to
appropriate values.
- the attribute 'Auth_DBI_cache_time' has been discarded. The
cache time now has to be configured upon server startup using the
method setCacheTime(n).
- optionally use shared memory for the cache used for authentication
and authorization as proposed by Rauznitz Balazs <jomagam@yahoo.com>.
- make the PerlCleanupHandler, which cleans the cache in Apache::AuthDBI,
configurable. Per default it is switched off.
- connect attributes for authentication and authorization may be a
list of several servers, all of which will be used until the first
connect succeeds.
Proposed by Matt Loschert <loschert@servint.com>.
- the PerlCleanupHandler in Apache::DBI.pm, which is supposed
to initiate a rollback in case AutoCommit is off, will only be
created, if the initial data_source sets AutoCommit to 0.
- fixed bug with empty password, which didn't fall through for
authoritative = off, spotted by "Graham Johnson" <graham@iii.co.uk>.
- analogous to the environment variables REMOTE_GROUPS and REMOTE_GROUP
the selected passwords and the matched password are put into the
environment variables REMOTE_PASSWORDS and REMOTE_PASSWORD.
Proposed by Jochen Wiedmann <joe@ispsoft.de>.
- add traces.txt, which serves as reference for the debug output.
0.83 August 08, 1999
- make ping configurable, proposed by
Gunther Birznieks <gunther@nhgri.nih.gov>
- change $user_sent_quoted to $user_sent when checking for
placeholders (Michael Smith <mjs@iii.co.uk>)
- bug-fix for encrypted passwords, which have never been taken
from the cache. Spotted by Yves BLUSSEAU <yves.blusseau@sncf.fr>.
0.82 June 03, 1999
- bug-fix spotted by "Dale Manemann" <manemann@dubuque.net>:
correct the password handling for the case, where the password has
been changed in the database and the old password is still cached.
- proposal from Honza Pazdziora <adelton@informatics.muni.cz>:
add PerlCleanupHandler in Apache::DBI, which issues a rollback
unless AutoCommit is on.
- changed behavior of AuthzDBI: the first match of a
requirement is sufficient for successful authorization.
Prior to this release, all requirement lines had to
be fulfilled.
- proposal from Rauznitz Balazs <jomagam@yahoo.com>:
new function all_handlers() in Apache::DBI.pm. Returns
all cached database handles, so that other handlers can
perform tasks on them.
- proposal from Michael Smith <mjs@iii.co.uk>: new
configuration option Auth_DBI_placeholder. Setting this
option to true, will use placeholders for the given userid
in the SELECT statements. This will speedup database access.
- proposal from "Jordi 'Matematic' Salvat" <jordi@webarna.com>:
replace AuthName with a summary of all attributes relevant
for the select statements. This still keeps the userid entries
in the cache unique, but solves the problem with different
AuthNames which eventually forces the user to authenticate
several times.
- new configuration option Auth_DBI_expeditive from
"Jordi 'Matematic' Salvat" <jordi@webarna.com>.
When authorization fails, AuthzDBI returns AUTH_REQUIRED
as default. With Auth_DBI_expeditive set to "on" it returns
FORBIDDEN if access is denied. Hence this can be distinguished
from the case, where the user just mistyped the password.
- applied patch from Ask Bjoern Hansen <ask@valueclick.com>:
get rid of some annoying "Use of uninitialized value ..."
- applied patch from Joshua Chamas <joshua@chamas.com>:
use eval{ping} to prevent using an invalid database handle.
- added 'use Apache;' to Apache::DBI.pm as proposed by
Michael Smith <mjs@iii.co.uk>.
- implemented multiple passwords per userid as proposed by
dan hammer <dhammer@verio.net>.
- applied patch for case-insensitive user-ids from
<grussell@wiley.com>.
- implement proposal from Honza Pazdziora <adelton@informatics.muni.cz>:
Auth_DBI_casesensitive replaced by Auth_DBI_uidcasesensitive and
Auth_DBI_pwdcasesensitive.
- applied patch from fdc@cliwe.ping.de (Frank D. Cringle):
prevent "Use of uninitialized value warning" in error.log.
- work-around for mod_perl problem spotted by Mike Hayward
<hayward@loup.net>: when building mod_perl as dso, Apache::DBI
was always skipping the connection cache.
0.81 Sep 08, 1998
- Cache entries consider the AuthName to distinguish
between identical user-ids in different authorization
realms.
0.80 Jul 26, 1998
- applied patch from Anto Prijosoesilo <anto@inet.co.th>:
change second argument for crypt function from $salt
to $passwd in order to be compatible with BSD.
- applied patch for Apache::DBI.pm from Randy Harmon
<rjharmon@uptimecomputers.com>: reject database connect
during server startup.
- call CleanupHandler in Authen DBI and AuthzDBI only if
cache_time is configured.
0.79 Jun 06, 1998
- implemented a simple caching mechanism in AuthenDBI as
well as in AuthzDBI. Per default this cache is disabled
and can be enabled by setting Auth_DBI_cache_time > 0.
YOU NEED AT LEAST VERSION apache_1.3b6 !
- applied patch from Jeff Baker <jeff@godzilla.tamu.edu>
fix menu item for DBI connections that are made using
the Oracle TNS listener.
- implemented proposal from Leslie Mikesell <les@Mcs.Net>
change group-handling in AuthzDBI. All groups related to
the given user are selected at once and then put into a
comma-separated list. This list is compared with the
required groups.
Depending upon the existence of Auth_DBI_grp_table, the
SQL-select looks either in the pwd_table or in the
grp_table for the groupid. PLEASE CHECK THE MODULE
DOCUMENTATION AND YOUR .htaccess !
0.78 February 18, 1998
- applied patch from "B. W. Fitzpatrick" <fitz@onShore.com>
DBI calls connect always with 4 parameters, even if they
are empty. This results in an error with DBD-Informix.
- added '$dbh->disconnect' before 'return SERVER_ERROR;'
(fyodor@mp.aha.ru <Fyodor Krasnov>).
- added optional where-clause in AuthenDBI as well as
in AuthzDBI (Helmut Patay <Helmut.Patay@mch.sni.de>).
0.77 January 18, 1998
- applied patches from Doug MacEachern:
o new method Apache::DBI->connect_on_init()
o set environment variable REMOTE_GROUP in AuthzDBI.pm.
0.76 December 18, 1997
- removed unused variable from AuthzDBI.pm
0.75 November 02, 1997
- strip trailing blanks from password for
fixed-length data type
- new token: 'Auth_DBI_casesensitive'
fixed bug when using attributes in connect method
fixed bug which appeared with perl5.004_04
(Hakan Tandogan <hakan@iconsult.com>
0.74 August 15, 1997
- new module: AuthzDBI for Authorization,
(supports group authorization)
- complete rewrite of AuthenDBI.
- configuration directives and functionality
of both modules are supposed to be identical
with mod_auth_msql of the apache daemon.
- adapted to new DBI connect syntax
- changed names of config vars to be more
consistent with other authentication modules.
PLEASE ADAPT YOUR CONFIGURATION !!!
0.73 July 15, 1997
- fixed bug in DBI.pm: check return value of connect
0.72 July 13, 1997
- added logging option to AuthenDBI
0.71 July 01, 1997
- debugging is now controlled by a global variable
0.7 July 01, 1997
- changed the way of initiating debug output
0.6 May 20, 1997
- fixed bug which caused a disconnect with some
DBD-drivers (Oracle,...)
0.5 May 16, 1997
- applied patches from Stephen E Kane <skane@cse.psu.edu>
0.4 May 13, 1997
- fixed check for first internal request in
AuthenDBI.pm
0.3 May 5, 1997
- make AuthenDBI to be a separate module
- adapt to new DBI, so code changes are not
required anymore for persistent connections
0.2 Apr 6, 1997
- unused methods deleted
- AuthenDBI integrated
- method for disconnect added
- menu item for Apache::Status added
0.1 Mar 15, 1997
- creation