[haiku-web] Re: Drupal-Trac Single Sign-On...

  • From: "Niels Reedijk" <niels.reedijk@xxxxxxxxx>
  • To: haiku-web@xxxxxxxxxxxxx
  • Date: Fri, 21 Mar 2008 17:03:53 +0100

Hi Jorge,

So many questions!

2008/3/21, Jorge G. Mare (a.k.a. Koki) <koki@xxxxxxxxxxxxxx>:
> Niels Reedijk wrote:
>  > Short update:
>  >
>  > 2008/3/21, Niels Reedijk <niels.reedijk@xxxxxxxxx>:
>  >>  - Use an XMLRPC authentication mechanism. The Trac server will perform
>  >>  a request whenever a login is taking place, and retrieves the details
>  >>  of the user that way.
>  >>
>  >>  I don't know if Unixware will allow 1. I should be able to write a
>  >>  plugin for Trac for 2, and a quick google search shows that drupal
>  >>  should already provide an XML plugin.
>  >
>  > I just wrote a plugin for Trac, and I think that part is done. I just
>  > need to hack drupal a little bit (currently only users with blog
>  > permissions can log in).
>
>
> I think it is a mistake to hack Drupal for this purpose.

I do not agree at all with your assertion that this is a mistake or a
waste of time. I also do not agree that this is 'hacking' drupal in
the ferocious sense of the word you seem to be implying. Drupal has
been designed to be extended, and you should be glad it is designed
this way, as it enables the website to be the way it is today. Have a
look at the actual source code first, before claiming it's a big hack.

> What happens when we upgrade Drupal?

Big chance that nothing has to be changed. The plugin is in total 60
lines, of which 10 lines actual plugin (the others are hooks). I just
quickly glanced over a diff between the 4.7 version of blogapi (on
which the plugin is based) and the 6.0 version, and nothing in the
relevant part of the code has been changed.

> What if we need to move servers suddenly (like we had to once, and rendered
> login unusable)?

The newer solution is actually less dependent on the actual server,
and more dependent on the availability of www.haiku-os.org (or any
other host with Haiku's drupal installation on it). True, it is still
a dependency, but in fact this implementation is less dependent on the
actual physical location of the main site.

> What if Niels is not available when any of this happens?

Well, if anything happens to Trac at all, I'd say you'd be lost. I'd
be willing to document an 'emergency scenario' if need arises, but it
would probably be better to start training a 'junior' website
maintainer.

> You guys keep repeating the same
>  mistakes and increase our vulnerability to this sort of situations (that
>  we have already experienced in the past, btw). All for what?

This approach does not increase the vulnerability in comparison to the
current situation. In fact, in the case of a server move, it decreases
the vulnerability.

> For a marginal (at the very best) one time gain in convenience?

Well, I don't really know how marginal it is, but I do like the gain
in convenience, and if it were possible, I'd try to add the subversion
repository authentication as well. What you imply knowing is exactly
how vulnerable the system is. What did you do, a complete system
analysis?

>  What's more important, though, is: do you care?

Yes.

>  It looks like you don't,
>  since you are already moving full steam ahead in spite of the issues
>  that are being raised here.

I DO NOT agree with your assertion that I am moving full speed ahead
to anything. I have spent my morning solving a technical problem, by
looking at a possible set up. In the same spirit I've been looking at
a possible replacement for the current set up a few weeks ago, which I
tested on my private Trac installation for several hours
(http://www.trac-hacks.org/wiki/AccountManagerPlugin).

>  What's the point of trying to have a
>  discussion in a public discussion, if a single person is going to do as
>  he pleases anyway?

Jorge, stop the drama. Nothing has been *done* yet. Nothing has
actually been implemented on the server yet. I find the whole tone of
this message - as some of yours before - unnecessarily aggressive and
completely out of context. I have spent my morning on a problem that
interested me, and I have come up with a solution that would give us a
choice between keeping the current login system or looking for a new
one. I am not going to forgive your ignorance on overestimating the
Trac login system - the truth is by default there is none. A little
investigation (or by just asking) would have revealed that. We will
always have to create a dependency on a non-standard module.

Please in future, if you do want to override people using rhetorical
figures, remember that this style (firing an array of rhetorical
questions) does not work using e-mail. I will tediously answer every
single one of them. Use arguments instead, next time.

Niels
-----------------------------------------------------------------------
haiku-web@xxxxxxxxxxxxx - Haiku Web & Developer Support Discussion List
