[WF-Infra] Re: [WF-General] We need a members database

Bryce Harrington bryce at neptune.net
Wed Oct 3 13:04:23 PDT 2001


On Wed, 3 Oct 2001, Philippe Jadin wrote:
> > Whew.  Anyway, to sum up - I think we'd get the best bang for the buck
> > by doing the members database via Eidetic, with the data stored either
> > in Postgresql (preference) or mysql, and with authentication controlled
> > via Apache::AuthTicket.  If Zope can be made to handle this sort of
> > setup, then I think it'd open a *lot* of potential.  Think it can be
> > done?
> 
> 
> What I like with your system is the fact that it is already usable with
> other tools. In the case of zope, user authentification is a plugin, so
> you can create your own kind of zope "user folder". There are several
> zope products that do just this.
> 
> What would be the most zope-friendly, would be to use one of those
> products, "mysqlUserFolder". This way we can use your tool for every
> task outside zope, and use this user folder inside zope with the user
> data coming from the same mysql database.

> Here is a description from the documentation :
> 
> [mysqlUserFolder]
> - Main function is to authenticate users and set their roles based on
> data from the MySQL server.
> - It keeps track of sessions (logging is supported).
> - It allows reading and writing custom user and session data. These
> informations are also kept in a MySQL table.
> - It has methods that allow users to modify their accounts. It also
> allows anonymous user creation (it allows users to create their accounts
> over the internet). Also, folder's management interface allows user
> management.
> 
> 
> Only problem I guess, is the schema of the database used by
> mysqlUserFolder which is probably not the same as yours. Anyway I
> uploaded it there: http://moria.mit.edu:8080/media/sql/create_tables.txt
> . What do you think about it?

Hmm, structurally and architecturally they seem similar, but in details
they're considerably different.  For example, the token system sounds
roughly similar to the Apache::AuthTicket ticket system, but is probably
completely incompatible.

> This product seems pretty complete, with user activities loged, custom
> roles, custom user properties, and support for sessions with a limited
> lifetime...

*Nod* this sounds very much like my system.  Session limits is built
into Apache::AuthTicket, and timeouts are set in httpd.conf.  I have an
extensible 'permission' table that is analogous to the custom roles.  I
base permissions on 'resources' rather than 'realms', but I think the
functionality is analogous.  I don't actually log user activities,
though, but I guess it wouldn't be *too* hard to add, if we actually
needed it (I am not sure we do though).  I don't have custom user
properties implemented, but I plan to incorporate a general purpose
database table management system eventually, that would allow for that
(currently, extending database tables is just a matter of adding the
field to the database table and updating the web forms, so even without
this system it's pretty easy to add new user properties).

> What do you think about it ?

Judging from the SQL it looks like a pretty good system.  But Eidetic
already provides most of this, and not in a compatible fashion.  If this
system works with Zope, then I bet we could use it as a template for
how to get Eidetic to be usable with Zope.  Zope capability for user
accounting would be a wonderful feather in Eidetic's cap.

Bryce






More information about the Infra mailing list