[Dbix-class] ROLLBACK seems to be skipped on 0.08

Jesper Krogh jesper at krogh.cc
Sun Oct 21 06:57:44 GMT 2007


Peter Edwards wrote:
>> I also intentionally close the db-connection pre-request from Catalyst,
>> that may be the reason why I never stumbled upon that problem.
> 
> OK. There's better performance with a persistent database connection (DBIC
> handles this transparently I believe under Apache mod_perl). Depends what
> web server platform you use.
> 
>> In this application the "web-authenticated-user" is also the
>> "database-user", so a "connection per request" is required.
> 
> Most apps I've worked on we used a single db user (whatever the web
> authenticated user) that has update permissions but not admin permissions.
> It limits the damage that can be done if your app has a security hole.

Yes.. I know most web-apps work that way. But if you have a task about
telling.. "who did what, when", then you can either pass on the webuser
explicitly to every database query or use the authenticated user in the
database. Which gives a nice possibility to make a "log table" with
"old-data",who,lifetime just updated by an update-insert and
delete-trigger on the table. (infinite data-history)

Jesper

-- 
Jesper Krogh, jesper at krogh.cc
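
A sketch of the trigger-maintained log table described in this message, added here as an illustration and not code from the thread. It assumes PostgreSQL 11 or later and a `public` schema; every table, column, function and trigger name is hypothetical.

```sql
-- PostgreSQL 11+ assumed; all object names below are hypothetical.
CREATE TABLE account (
    id      integer PRIMARY KEY,
    owner   text    NOT NULL,
    balance numeric NOT NULL
);

-- One row per change. The lifetime of a version of a row runs from the
-- previous entry for the same row_id up to this entry's changed_at.
CREATE TABLE account_log (
    log_id     bigserial   PRIMARY KEY,
    row_id     integer     NOT NULL,
    operation  text        NOT NULL,               -- 'INSERT', 'UPDATE' or 'DELETE'
    changed_by text        NOT NULL,               -- role that authenticated the connection
    changed_at timestamptz NOT NULL DEFAULT now(),
    old_data   jsonb                               -- NULL on INSERT: no earlier version
);

CREATE FUNCTION account_audit() RETURNS trigger
LANGUAGE plpgsql
SECURITY DEFINER                    -- writes the log as the function owner
SET search_path = public, pg_temp   -- pin name lookup inside the definer function
AS $$
BEGIN
    -- session_user is the login role of the connection. Inside a SECURITY
    -- DEFINER function current_user would name the function owner instead.
    IF TG_OP = 'INSERT' THEN
        INSERT INTO account_log (row_id, operation, changed_by)
        VALUES (NEW.id, TG_OP, session_user);
    ELSE
        INSERT INTO account_log (row_id, operation, changed_by, old_data)
        VALUES (OLD.id, TG_OP, session_user, to_jsonb(OLD));
    END IF;
    RETURN NULL;                    -- return value is ignored for AFTER row triggers
END;
$$;

CREATE TRIGGER account_audit_trg
AFTER INSERT OR UPDATE OR DELETE ON account
FOR EACH ROW EXECUTE FUNCTION account_audit();

-- Web users get rights on account only. The log stays writable solely through
-- the trigger (new tables grant nothing to PUBLIC; stated explicitly here).
REVOKE ALL ON account_log FROM PUBLIC;

-- "Who did what, when" for one row:
SELECT changed_by, operation, changed_at, old_data
FROM account_log WHERE row_id = 1 ORDER BY log_id;
```

Because the log is written by the trigger rather than by application code, the recorded role does not depend on each query passing the web user along, which only holds when every web user connects under their own database role as described above.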



