[ic] access_gating whole catalog?

Tim Stoakes interchange-users@icdevgroup.org
Wed Oct 23 00:02:00 2002


On Tue, 22 Oct 2002 23:40:06 -0400
 cfm@maine.com wrote:
> On Tue, Oct 22, 2002 at 10:14:05PM -0400, Mike Heins wrote:
> > 
> > Quoting Mike Heins (mike@perusion.com):
> > > 
> > > I will certainly look at changing 4.9 and enabling it in the root
> > > directory as an option. I have not examined that code in quite some
> > > time, and it is always good to revisit previous decisions and see if
> > > they still make sense. 8-)
> > 
> > Looking at it, it seems to make sense only if I redo the entire
> > way this is all checked and specified. Or if I make the root
> > .access enable .access_gate checking in all subdirectories...
> > I am not sure of the implications of that.
> > 
> > I really hesitate to add yet another file test and corresponding
> > directory lookup. The routine that uses this, Vend::Util::readin,
> > is used in virtually every IC transaction.
> > 
> > I have long thought about incorporating Apache-style .htaccess control.
> > Part of the reason I did not originally is that Interchange has roots in
> > times when Apache was nowhere near as dominant as it is now -- it was
> > far from clear in 1996 (at least to me) what was going to happen.
> > 
> > Were I to do it, I would probably want to integrate with Apache
> > so that DBI authorizations and cookies from Apache::Session
> > could be shared. That would take a lot of work.
> 
> Apache is dominant, yes, but I don't like the idea of IC depending
> on it.  Coupling tightly not only means other web servers
> won't work but it may well lock people even into a specific version
> of Apache.  That **decreases** reliability.  I don't need software
> that breaks when I run apt-get upgrade.  The biggest chunk of our
> downtime is upgrade time.
> 
> You get something like Apache2 + mod_perl which might well
> require perl5.8+ and the upgrade path becomes a nightmare or
> even impossible for anyone not running out-of-the-box configurations
> with specific versions.  We stay on the bleeding edge so it
> is usually easier for us.
> 
> IC doesn't use mod_perl - though it is there in config, why? - 
> which doesn't work anyway with Apache2 so my head is starting to 
> really hurt because I can't put it on same machine as this and that
> site.  Clear interface, separate daemons and separate processes
> please!
> 
> > 
> > Since we are close to a code freeze on Interchange, and I have
> > several tasks to do before that happens, I will probably not
> > get to that sweeping a change.
> > 
> > So bottom line, I would like to keep .access checking the sam
> > and have any future work and complexity go toward something more
> > useful like emulating Apache Options settings.
> 
> In this particular case, where the web server can do it, why
> should IC do it?
> 

In my particular case, apache can do it because its based on ip or host - something that apache can understand.
access_gate files can have full IC flexibility, like userdb lookup or something, and allow neater redirection. I think because my problem can be solved by apache, doesn't mean we should discount being able to access_gate the whole catalog. I know that I could find at least 2 clients that would benefit from this - where a userdb lookup is required to allow access to the whole catalog. I could put a test+bounce at the top of all pages (in the template), but access_gate is a neater solution. If it recurses like .htaccess does, then a change in the root in 1 file only, would fix a problem thru the whole catalog if needed.

I still think there is a market for it, irrespective of how it is implemented (apache specific or not).

Tim

> > 
> > -- 
> > Mike Heins
> > Perusion -- Expert Interchange Consulting    http://www.perusion.com/
> > phone +1.513.523.7621      <mike@perusion.com>
> > 
> > Software axiom: Lack of speed kills.
> > 
> > _______________________________________________
> > interchange-users mailing list
> > interchange-users@icdevgroup.org
> > http://www.icdevgroup.org/mailman/listinfo/interchange-users
> > 
> 
> -- 
> 
> Christopher F. Miller, Publisher                               cfm@maine.com
> MaineStreet Communications, Inc           208 Portland Road, Gray, ME  04039