RE: Tikiwiki-devel digest, Vol 1 #1259 - 10 msgs

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

RE: Tikiwiki-devel digest, Vol 1 #1259 - 10 msgs

Verdon, Denis
RE: Tikiwiki-devel digest, Vol 1 #1259 - 10 msgs

Marc,

That'll be a non-trivial exercise.  We can start by giving a Webex demonstration and see how we go from there.


Denis Verdon, Head of CISG
FNF - Corporate Information Security Group
Fidelity National Financial
2510 N. Red Hill Avenue, Santa Ana CA 92705
 
Tel: (949) 221 3252
Cell: (949) 923 0390
Email: [hidden email]
Web: http://www.fnf.com
Intranet: https://cis.fnf.com
 

THIS E-MAIL AND ITS ATTACHMENTS ARE INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY WHO IS THE INTENDED RECIPIENT AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE OR ANY TYPE OF USE UNDER APPLICABLE LAW. IF THE READER OF THIS E-MAIL IS NOT THE INTENDED RECIPIENT, OR THE EMPLOYEE, AGENT OR REPRESENTATIVE RESPONSIBLE FOR DELIVERING THE E-MAIL TO THE INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY DISSEMINATION, DISTRIBUTION, COPYING, OR OTHER USE OF THIS E-MAIL IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS E-MAIL IN ERROR, PLEASE REPLY IMMEDIATELY TO THE SENDER.




--__--__--

Message: 6
Date: Thu, 19 May 2005 09:01:54 -0300
From: Marc Laporte <[hidden email]>
To:  [hidden email]
Subject: [Tikiwiki-devel] Considerable number of non-Tiki-specific add-on applications
Reply-To: [hidden email]

Hi Denis,

Thanks for your message.

I am very interested. Would it be possible to set up a demo account so we may try out these features?

Thanks!

M ;-)




Verdon, Denis wrote:

> All,
>
> My organization has been using Tiki/CMS for some time now, and have
> been diligently submitting our amendments back to Tiki, in the proper
> spirit of Open Source.
>
> However, there are a considerable number of non-Tiki-specific add-on
> applications, written predominantly in PHP/Javascript, that constitute
> our solution, that we have developed without involvement in Tiki.
> Some example applications include:
>
> 1.  A Galaxia-based software vulnerability management system that
> correlates open-source and commercial software vulnerability
> information into pan-enterprise risk assessments;
>
> 2.  A document signature process that allows for electronic signing of
> legal and compliance documentation; 3.  A fully fledged Learning
> Management System that leverages Tiki's quizing system and the above
> signing process, to track mandatory staff training;
>
> 4.  A fully HTML-based Newsletter function, with HTML template
> functionality, that leverages Tiki's CMS system for building content.
>
> For the most part, these are mainly discreet apps that leverage some
> Tiki functionality.  However, together, this provides a specific
> business solution, one which has attracted attention from a number of
> Financial Services organizations, and for which we are now beginning
> to explore opportunities for wider dissemination.  One opportunity is
> to open-source our code to the community.
>
> I would like to discuss with you ideas you may have for doing so, and
> what role the Tiki/CMS community might play in this initiative.  One
> option may be to roll all of this into its own branch, a "special
> edition" Tiki/CMS package, with the Tiki community playing an active role.
>
> If there is sufficient interest in discussing this, please let me know
> and I will coordinate a conference call.
>
>
> Denis Verdon, Senior Vice President & Head of CISG FNF - Corporate
> Information Security Group Fidelity National Financial 2510 N. Red
> Hill Avenue, Santa Ana CA 92705

> Tel: (949) 221 3252
> Cell: (949) 923 0390
> Email: [hidden email]
> Web: http://www.fnf.com

>
> THIS E-MAIL AND ITS ATTACHMENTS ARE INTENDED ONLY FOR THE USE OF THE
> INDIVIDUAL OR ENTITY WHO IS THE INTENDED RECIPIENT AND MAY CONTAIN
> INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM
> DISCLOSURE OR ANY TYPE OF USE UNDER APPLICABLE LAW. IF THE READER OF
> THIS E-MAIL IS NOT THE INTENDED RECIPIENT, OR THE EMPLOYEE, AGENT OR
> REPRESENTATIVE RESPONSIBLE FOR DELIVERING THE E-MAIL TO THE INTENDED
> RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY DISSEMINATION,
> DISTRIBUTION, COPYING, OR OTHER USE OF THIS E-MAIL IS STRICTLY
> PROHIBITED. IF YOU HAVE RECEIVED THIS E-MAIL IN ERROR, PLEASE REPLY
> IMMEDIATELY TO THE SENDER.
>

--
M ;-)

//////////////////////////////////////////////////////////////////
/                                                                /
/ Marc Laporte       <|>                  http://marclaporte.com /
/ Avantech.net       <|>                     http://avantech.net /
/ Tiki CMS/Groupware <|> http://tikiwiki.org/UserPagemarclaporte /
/                                                                /
//////////////////////////////////////////////////////////////////



--__--__--

Message: 7
Date: Thu, 19 May 2005 13:05:28 +0100
From: adam <[hidden email]>
To: [hidden email]
Subject: Re: [Tikiwiki-devel] Important tracker on Username case sensitiveness
Reply-To: [hidden email]

But surely you can lowercase $login in the php before the sql statement?

From another perspective, you could get a "rename user" function almost for free out of the work required to support case-insensitive usernames :-) --=20 Adam

On 5/19/05, Flo Gleixner <[hidden email]> wrote:
>=20
> Unfortunately the tiki database design has some disadvantages. One is, 
>that many data fields are used like key fields what is easy to use and 
>understand but makes some changes almost unamangeable. So renaming a
>user  would need to rename the user in 60 different tables. And there
>are thing=
s
> that depend from the username: the user wiki page, links to this page, 
>notifications to this page ...
>=20
> About lowercasing everything: the problem is, that this only works
>good i=
f
> you have lowercased all the 60 fields in different tables.
>=20
> select * from users_user where lower('SomeFancyUserName')=3Dlogin;
>=20
> can do a index table scan if there is a index, while =20  select *
>from users_user where lower('SomeFancyUserName')=3Dlower(login);
>=20
> has to do a full table scan which can be very very slow.
>=20
> Flo
>=20
> On Thu, 19 May 2005, adam wrote:
>=20
> > You could always just lowercase everything before comparing or
> > writing to the database rather than faffing about with case
> > insensitive searches, or am I missing something?
> >
> > This would also involve a database pass to reset all usernames in
> > the db to their lowercase version, and warn the admin if there were
> > any clashes. The admin can then choose a course of action to deal
> > with the users sharing case-insensitive usernames.
> >
> > Thx,
> > --
> > Adam
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by Oracle Space Sweepstakes Want to
> > be the first software developer in space?
> > Enter now for the Oracle Space Sweepstakes!
> > http://ads.osdn.com/?ad_idt12&alloc_id=16344&op=CCk
> > _______________________________________________
> > Tikiwiki-devel mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
> >
>


--__--__--

Message: 8
Date: Thu, 19 May 2005 14:26:35 +0200 (CEST)
From: Flo Gleixner <[hidden email]>
To: [hidden email]
Subject: Re: [Tikiwiki-devel] Important tracker on Username case sensitiveness
Reply-To: [hidden email]


Uh, sorry, i should have written the queries like this:

$login=lower('SomeFancyUserName');

index scan:
select * from users_users where login='somefancyusername';

full table scan:
select * from users_users where lower(login)='somefancyusername';

Example:
create index i_u_u on users_users(login); (why is there no index?)

mysql> explain select * from users_users where
mysql> login='somefancyusername';
+-------------+------+---------------+-------+---------+-------+------+-------------+
| table       | type | possible_keys | key   | key_len | ref   | rows | Extra       |
+-------------+------+---------------+-------+---------+-------+------+-------------+
| users_users | ref  | i_u_u         | i_u_u |      40 | const |    1 | Using where |
+-------------+------+---------------+-------+---------+-------+------+-------------+
1 row in set (0.00 sec)

mysql> explain select * from users_users where
mysql> lower(login)='somefancyusername';
+-------------+------+---------------+------+---------+------+------+-------------+
| table       | type | possible_keys | key  | key_len | ref  | rows | Extra       |
+-------------+------+---------------+------+---------+------+------+-------------+
| users_users | ALL  | NULL          | NULL |    NULL | NULL |   11 | Using where |
+-------------+------+---------------+------+---------+------+------+-------------+
1 row in set (0.04 sec)


so a lower() in php does not help if you need a lower() in the sql query.
Oracle has function based indexes. There you could create a index that is optimized for a lower() query. But who uses Oracle for Tiki?

Flo

On Thu, 19 May 2005, adam wrote:

> But surely you can lowercase $login in the php before the sql statement?
>


--__--__--

Message: 9
Date: Thu, 19 May 2005 13:40:12 +0100
From: adam <[hidden email]>
To: [hidden email]
Subject: Re: [Tikiwiki-devel] Important tracker on Username case sensitiveness
Reply-To: [hidden email]

Ah. Right.

I think you're meaning
$login=3Dlower('SomeFancyUserName');
$sql=3D"select * from users_users where lower(login)=3D$login";

?

In which case, as I said, the database must be updated first so that all the usernames in the database are lowercased. Otherwise you could end up getting two or more rows when you're expecting one...

But once the database has been updated (and everything which writes to the database, natch), you can do away with the lower() in the sql, ending up with

$login=3Dlower('SomeFancyUserName');
$sql=3D"select * from users_users where login=3D$login";

It still means that all the code pertaining to usernames in the database must be updated, but I can't see how this can be avoided.

--=20
Adam

On 5/19/05, Flo Gleixner <[hidden email]> wrote:
>=20
> Uh, sorry, i should have written the queries like this:
>=20
> $login=3Dlower('SomeFancyUserName');
>=20
> index scan:
> select * from users_users where login=3D'somefancyusername'; =20  full
>table scan:
> select * from users_users where lower(login)=3D'somefancyusername';
>=20
> Example:
> create index i_u_u on users_users(login);  (why is there no index?)
>=20
> mysql> explain select * from users_users where
> mysql> login=3D'somefancyusername=
';
> +-------------+------+---------------+-------+---------+-------+------+--=
-----------+
> | table       | type | possible_keys | key   | key_len | ref   | rows | E=
xtra       |
> +-------------+------+---------------+-------+---------+-------+------+--=
-----------+
> | users_users | ref  | i_u_u         | i_u_u |      40 | const |    1 | U=
sing where |
> +-------------+------+---------------+-------+---------+-------+------+--=
-----------+
> 1 row in set (0.00 sec)
>=20
> mysql> explain select * from users_users where
> mysql> lower(login)=3D'somefancyu=
sername';
> +-------------+------+---------------+------+---------+------+------+-
> +-------------+------+---------------+------+---------+------+------+-
> +-------------+------+---------------+------+---------+------+------+-
> +-------------+------+---------------+------+---------+------+------+-
> +-------------+------+---------------+------+---------+------+------+=
---------+
> | table       | type | possible_keys | key  | key_len | ref  | rows | Ext=
ra       |
> +-------------+------+---------------+------+---------+------+------+-
> +-------------+------+---------------+------+---------+------+------+-
> +-------------+------+---------------+------+---------+------+------+-
> +-------------+------+---------------+------+---------+------+------+-
> +-------------+------+---------------+------+---------+------+------+=
---------+
> | users_users | ALL  | NULL          | NULL |    NULL | NULL |   11 | Usi=
ng where |
> +-------------+------+---------------+------+---------+------+------+-
> +-------------+------+---------------+------+---------+------+------+-
> +-------------+------+---------------+------+---------+------+------+-
> +-------------+------+---------------+------+---------+------+------+-
> +-------------+------+---------------+------+---------+------+------+=
---------+
> 1 row in set (0.04 sec)
>=20
>=20
> so a lower() in php does not help if you need a lower() in the sql query.
> Oracle has function based indexes. There you could create a index that
>is  optimized for a lower() query. But who uses Oracle for Tiki?
>=20
> Flo
>=20
> On Thu, 19 May 2005, adam wrote:
>=20
> > But surely you can lowercase $login in the php before the sql
> > statement=
?
> >


--__--__--

Message: 10
Date: Thu, 19 May 2005 14:20:02 +0100
From: "David R. Newman" <[hidden email]>
Organization: QUB
To:  [hidden email]
Subject: Re: [Tikiwiki-devel] Important tracker on Username case sensitiveness
Reply-To: [hidden email]

adam wrote:

> $login=lower('SomeFancyUserName');

Will this work in languages that use multi-byte character sets?
Or will lower() completely mess up Chinese, Japanese and so on?

--
Dr. David R. Newman, Queen's University Belfast, School of Management and Economics, Belfast BT7 1NN, Northern Ireland (UK) Tel. +44 28 9097 3643 FAX: +44 28 9097 5156 [hidden email] http://www.qub.ac.uk/mgt/



--__--__--

_______________________________________________
Tikiwiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel


End of Tikiwiki-devel Digest