python - With sqlalchemy how to dynamically bind to database engine on a per-request basis -


I have a Pylons-based web application that connects to a Postgres database (v0.5). For security, instead of following the typical pattern of simple web apps (as seen in all tutorials), I'm not using a generic Postgres user (like "webapp"); I want each user to use their own Postgres user id and password, and to connect with those. This means that we get the full benefit of Postgres security.

To complicate things still further, there are two separate databases to connect to. Although they are currently in the same Postgres cluster, they should be able to move to different hosts at a later date.

We are using the SQLAlchemy package, although I do not know whether this has any effect on the case.

Most SQLAlchemy examples show common applications that use a generic database user and password, with the metadata set up once and used throughout the web application. This is usually done with metadata.bind = create_engine(), sometimes even at module level in the database model files.

My question is how we can postpone establishing the connections until the user has logged in, and then (of course) reuse those connections, or re-establish them using the same credentials, for each subsequent request.

We have this working - we think - but I'm definitely not sure about it, and I also feel that it looks incredibly heavyweight for the situation.

Within the BaseController's __call__ method we retrieve the user id and password from the web session, call SQLAlchemy's create_engine() for each database, then call a routine which calls Session.bind_mapper() repeatedly, once for each table that can be referred to on each of those connections, even though any given request usually refers to only one or two tables. It looks like this:

    # in lib/base.py, on the BaseController class
    def __call__(self, environ, start_response):
        # Note: the web session contains {'username': XXX, 'password': YYY}
        url1 = 'postgres://%(username)s:%(password)s@server1/finance' % session
        url2 = 'postgres://%(username)s:%(password)s@server2/staff' % session

        finance = create_engine(url1)
        staff = create_engine(url2)
        db_configure(staff, finance)  # see below
        # ... etc

    # in another file
    Session = scoped_session(sessionmaker())

    def db_configure(staff, finance):
        s = Session()

        from db.finance import Employee, Customer, Invoice
        for c in [Employee, Customer, Invoice]:
            s.bind_mapper(c, finance)

        from db.staff import Project, Hour
        for c in [Project, Hour]:
            s.bind_mapper(c, staff)

        s.close()  # prevents interaction between sessions?

So there are create_engine() calls on every request ... I can see that being needed, and the connection pool probably caches them and does something sensible.

But calling Session.bind_mapper() for each table on every request? It seems that there should be a better way.

Obviously, because a strong desire for strong security underlies all of this, we should not have any chance that a connection for a high-security user will be used unknowingly by a low-security user in a later request.

Binding global objects (mappers, metadata) to a user-specific connection is not a good way, and neither is using a scoped session. I recommend creating a new session for each request and configuring it to use user-specific connections. The following sample assumes that you use different metadata objects for each database:

    from sqlalchemy import create_engine
    from sqlalchemy.orm import sessionmaker

    binds = {}

    finance_engine = create_engine(url1)
    binds.update(dict.fromkeys(finance_metadata.sorted_tables, finance_engine))
    # Due to a bug (or misfeature) in SQLAlchemy 0.5.4, the following line is
    # required when mappings to joined tables are used (for example, joined
    # table inheritance). This problem may be fixed in newer versions.
    binds.update(dict.fromkeys([Employee, Customer, Invoice], finance_engine))

    staff_engine = create_engine(url2)
    binds.update(dict.fromkeys(staff_metadata.sorted_tables, staff_engine))
    # See the comment above.
    binds.update(dict.fromkeys([Project, Hour], staff_engine))

    # One new session per request, bound to this user's engines.
    session = sessionmaker(binds=binds)()
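
The question builds its connection URLs with plain string formatting and calls create_engine() on every request; each create_engine() call returns a new engine with its own pool, so nothing is reused between requests. The following added example (not code from the original post) percent-encodes the credentials and caches engines strictly per username/password pair. Assumptions: build_url, engines_for and engine_factory are hypothetical names, engine_factory stands in for sqlalchemy.create_engine, and the credentials shown are constructed.

```python
import hashlib
import hmac
import secrets
from urllib.parse import quote, urlsplit

# Host and database names as in the question's code.
DATABASES = {"finance": ("server1", "finance"), "staff": ("server2", "staff")}
_TAG_KEY = secrets.token_bytes(32)  # per-process key for password tags
_engines = {}  # (database, username, password tag) -> engine


def build_url(username, password, host, database):
    """Percent-encode the credentials so that '@', ':' or '/' in a password
    cannot change which host or database the URL points at."""
    # "postgresql" is the scheme current SQLAlchemy accepts; the page's
    # 0.5-era code writes "postgres".
    return "postgresql://%s:%s@%s/%s" % (
        quote(username, safe=""), quote(password, safe=""), host, database)


def engines_for(username, password, engine_factory):
    """Return {database: engine} for exactly this username/password pair.

    engine_factory is a stand-in for sqlalchemy.create_engine (assumed to
    take a URL string). The cache key includes a keyed hash of the password,
    so a request with another user's name but a different password never
    receives that user's engine, and the raw password is not a dict key.
    """
    tag = hmac.new(_TAG_KEY, password.encode("utf-8"), hashlib.sha256).hexdigest()
    engines = {}
    for name, (host, database) in DATABASES.items():
        key = (name, username, tag)
        if key not in _engines:
            url = build_url(username, password, host, database)
            _engines[key] = engine_factory(url)
        engines[name] = _engines[key]
    return engines


if __name__ == "__main__":
    # Constructed credentials; str() stands in for create_engine.
    naive = "postgresql://%s:%s@server1/finance" % ("alice", "s3cr@t/1")
    print(urlsplit(naive).hostname)                 # misparsed host
    print(engines_for("alice", "s3cr@t/1", str))    # encoded URLs
```

The returned engines can be fed into the binds mapping of a per-request session as in the answer above; entries should be dropped from the cache when the user logs out.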
