Revision history for ApacheDBI. 1.08 1.07 05/09/2008 - http://rt.cpan.org/Public/Bug/Display.html?id=31003 Submitted by: diafour@gmail.com Tweaked by: Philip M. Gollucci - http://rt.cpan.org/Public/Bug/Display.html?id=29209 PerlCleanupHandler doesn't get called with MP2 Submitted by: nick.aevum.de - http://rt.cpan.org/Public/Bug/Display.html?id=28824 Documentation Additions Submitted by: [Perrin Harkins ] 1.06 03/23/2007 - MP2/AuthDBI: Fixed Apache::AuthDBI::debug() to actually work. Submitted by: [Kevin Appel ] - Bump minium required perl version to 5.6.1 to match DBI (Changes in DBI 1.49 (svn rev 2287), 29th November 2005) Philip M. Gollucci 1.05 11/3/2006 - MP2/AuthDBI: Add missing Apache2::Access Submitted by: Adam Prime x443 1.04 10/23/2006 - MP1: Undefined subroutine &Apache2::Const::OK called at .... (The rest of them) d'oh! Seconded by: Kjetil Kjernsmo Submitted by: BOWMANBS 1.03 08/21/2006 - MP1: Undefined subroutine &Apache2::Const::OK called at Apache/AuthDBI.pm line 906. Submitted by: [Philip.Garrett@manheim.com] Reviewed by: Kevin A. McGrail (ThoughtWorthy Media, Inc.) - http://rt.cpan.org/Ticket/Display.html?id=20809 avoid a warnings caused by debug statements Reported by: Vladimir S. Tikhonjuk 1.02 08/02/2006 - http://rt.cpan.org/Ticket/Display.html?id=20808 s/denug/debug/ typo in Apache::AuthDBI Submitted by: Vladimir S. Tikhonjuk 1.01 06/04/2006 - Re-release as non developer release. No changes from 1.00_01. [Philip M. Gollucci ] 1.00_01 05/29/2006 - As DBI has supported only perl 5.6.0 since 2003 v1.38 Apache::DBI now requires perl 5.6.0 as well. [Philip M. Gollucci ] - Fix a plethora of uninitialized variable warnings, general code cleanup, don't import unneeded symbols from Carp, Digest::SHA1, and Digest::MD5 [Philip M. Gollucci ] - http://rt.cpan.org/Ticket/Display.html?id=17073 $sth->rows is inconsistent across DBD::* drivers and sometimes always returns 0. We were using this to distinguish between a blank password and no passwd. Now we don't call this function. Reported by: rkimmelmann@web.de [Philip M. Gollucci ] - http://rt.cpan.org/Ticket/Display.html?id=17422 a fatal error involving mp1, mp2 constants co-existance was fixed in AuthDBI. [Philip M. Gollucci ] - http://rt.cpan.org/Ticket/Display.html?id=17446 under mod_perl 2, the check to skip caching connections at server startup was broken; thus, causing children to incorrectly share dbh handles with the parent. Submitted by: clinton@traveljury.com - http://rt.cpan.org/Ticket/Display.html?id=19491 a critical return was missing connect() under mod_perl2 Submitted by: perrin@elem.com - Moved module's repository to its new home in SVN from CVS http://svn.perl.org/modules/Apache-DBI [Philip M. Gollucci ] 0.9901 08/19/2005 - Fix the versioning blunder of .100 < .99 [Philip M. Gollucci ] - Account for the case of mp1 and mp2 installed in the same perl tree. The evals were not playing nice with modules like Apache::SSI, Apache::SessionManager. Sumitted by: [Frank Maas ] Tweaked/reviewed by: [Philip M. Gollucci ] 0.100 08/10/2005 - Move $Idx from a file-scoped variable to a connect() scoped variable, which gets passed to other subroutines as needed. This will ensure that the cleanup/rollback feature will work properly when a script uses more than one database handle to the same database. [Joe Thomas ] - Fixed issues relating to changing handle state post connection. Handles now returned in same state as original and incomplete transactions rolled back before re-issuing handle so. Submited by: [Joe Thomas ] Contributed by: [Patrick Mulvany ] - Fix a () bug in the connect() determining whether we must ping the database. PingTimeOut = 0 now works as documented. Submited by: [Joe Thomas ] Contributed by: [Patrick Mulvany ] 0.99 08/03/2005 - Turn off Debugging by default. Reported by [Philip M. Gollucci ] 0.98 06/30/2005 - Fix MP2 issue with $Apache::Server::Starting Reported by Vincent Moneymaker vbmonymaker@hotmail.com [Philip M. Gollucci ] 0.97 06/27/2005 - Fix minor use strict bug in make test [Philip M. Gollucci ] - Fixed a bug in salt calculation Kevin A. McGrail (ThoughtWorthy Media, Inc.) - Added Auth_DBI_encryption_method configuration. Supports md5 hex, sha1 hex & crypt and will support fallback. Other encryption methods can be added by modifying the subroutine get_passwds_to_check Kevin A. McGrail (ThoughtWorthy Media, Inc.) - MP2/MP1 Constants compatability fixes in AuthDBI Kevin A. McGrail (ThoughtWorthy Media, Inc.) - Added a feature 'Apache::AuthDBI->setProjID(1)' to set a Shared Memory Project ID when using the shared memory caching. Kevin A. McGrail (ThoughtWorthy Media, Inc.) - Fixed an MP2 problem when Debug is set to 2 changing is_main() to main() call Kevin A. McGrail (ThoughtWorthy Media, Inc.) - Added a few more Debug statements including the Semaphore ID in hex to use ipcs Kevin A. McGrail (ThoughtWorthy Media, Inc.) 0.96 04/19/2005 - Account for the recent mod_perl2 API renaming [Philip M .Gollucci ] 0.95 04/01/2005 - Avoid "The object isn't defined" error during "make test" if we can't connect to the test database. 0.94 February 17, 2004 - Fix use of uninitialized value warnings when passed an "undef" attribute (thanks to Trevor Schellhorn) - Minor POD cleanups 0.93 January 10, 2004 - Always check $dbh->ping if the PingTimeOut is 0. (thanks to Dennis Ingram ) - Change $r->connection->user to $r->user to make AuthDBI work with mod_perl 2.0 (thanks to Neil MacGregor and Brian McCauley ) - removes the requirement for IPC::SysV to be installed if you don't actually use it. Remove support for mod_perls without push_handler support (Thanks to Brian again) - improve tests (based on patch from Geoffrey Young ; thanks Geoff!) 0.92 August 11, 2003 - Avoid use of uninitialized value warning under mod_perl 2. - Make the tests compatible with DBI >= 1.33 (thanks to Paul MacAdam ) 0.91 February 17, 2003 - Retagged and released the 0.90_02 beta as 0.91. No code changes. 0.90_02 January 10, 2003 - Changes to make Apache::DBI load and function under mod_perl 2.0. A few important notes: connect_on_init does not work yet and there's no automatic RollBack cleanup handler when autocommit is turned off. 0.90_01 January 10, 2003 - Only call Apache::Status if Apache.pm is completely loaded (so you can load Apache::DBI outside the mod_perl environment) - Make Test::More a prerequisite so we can do real tests - Make DBI.pm a prerequisite - Add a simple, but real, test script. Requires DBD::mysql and a test database 0.89 June 17, 2002 - fix bug that occasionally made Apache::DBI connect several times to the database even when DSN and attributes were the same. - Updated links and such in the documentation 0.88 January 12, 2001 - fix bug in child_init: consider 0 as valid result for a semaphore id. - remove defined(@array), which is depreceated in perl5.6 0.87 September 28, 1999 - fix for the usage of the environment variable DBI_DSN introduced in 0.86 was still incomplete. 0.86 September 27, 1999 - in AuthDBI remove check of configured data_source in order to allow the usage of the environment variable DBI_DSN. Bug spotted by Oleg Bartunov . - applied patch from Matt Loschert , which avoids 'Use of uninitialized value ...' in Apache::DBI. - added new attribute 'Auth_DBI_encryption_salt' as proposed by Nathan Clemons . Per default this is set to 'password' which will use the password as salt for the crypt function. Setting this to 'userid' will use the userid as salt. - fixed bug with setting Auth_DBI_nopasswd to 'on', spotted by "Sigurjon Olafsson" . 0.85 August 24, 1999 - change separator of Auth_DBI_data_source, Auth_DBI_username and Auth_DBI_password from comma to tilde, in order to avoid clashes with embedded attributes in data_source. Bug spotted by Oleg Bartunov . - applied patch to Apache::DBI.pm from Tim Bunce which solves the problem that Apache::DBI did not return a ref cursor. 0.84 August 21, 1999 - combine Apache::AuthenDBI and Apache::AuthzDBI into one package Apache::AuthDBI. - discard Apache::DebugDBI. Debugging can be enabled by setting the variables Apache::AuthDBI::DEBUG and Apache::DBI::DEBUG to appropriate values. - the attribute 'Auth_DBI_cache_time' has been discarded. The cache time now has to be configured upon server startup using the method setCacheTime(n). - optionally use shared memory for the cache used for authentication and authorization as proposed by Rauznitz Balazs . - make the PerlCleanupHandler, which cleans the cache in Apache::AuthDBI, configurable. Per default it is switched off. - connect attributes for authentication and authorization may be a list of several servers, all of which will be used until the first connect succeeds. Proposed by Matt Loschert . - the PerlCleanupHandler in Apache::DBI.pm, which is supposed to initiate a rollback in case AutoCommit is off, will only be created, if the initial data_source sets AutoCommit to 0. - fixed bug with empty password, which didn't fall through for authoritative = off, spotted by "Graham Johnson" . - analogous to the environment variables REMOTE_GROUPS and REMOTE_GROUP the selected passwords and the matched password are put into the environment variables REMOTE_PASSWORDS and REMOTE_PASSWORD. Proposed by Jochen Wiedmann . - add traces.txt, which serves as reference for the debug output. 0.83 August 08, 1999 - make ping configurable, proposed by Gunther Birznieks - change $user_sent_quoted to $user_sent when checking for placeholders (Michael Smith ) - bug-fix for encrypted passwords, which have never been taken from the cache. Spotted by Yves BLUSSEAU . 0.82 June 03, 1999 - bug-fix spotted by "Dale Manemann" : correct the password handling for the case, where the password has been changed in the database and the old password is still cached. - proposal from Honza Pazdziora : add PerlCleanupHandler in Apache::DBI, which issues a rollback unless AutoCommit is on. - changed behavior of AuthzDBI: the first match of a requirement is sufficient for successful authorization. Prior to this release, all requirement lines had to be fulfilled. - proposal from Rauznitz Balazs : new function all_handlers() in Apache::DBI.pm. Returns all cached database handles, so that other handlers can perform tasks on them. - proposal from Michael Smith : new configuration option Auth_DBI_placeholder. Setting this option to true, will use placeholders for the given userid in the SELECT statements. This will speedup database access. - proposal from "Jordi 'Matematic' Salvat" : replace AuthName with a summary of all attributes relevant for the select statements. This still keeps the userid entries in the cache unique, but solves the problem with different AuthNames which eventually forces the user to authenticate several times. - new configuration option Auth_DBI_expeditive from "Jordi 'Matematic' Salvat" . When authorization fails, AuthzDBI returns AUTH_REQUIRED as default. With Auth_DBI_expeditive set to "on" it returns FORBIDDEN if access is denied. Hence this can be distinguished from the case, where the user just mistyped the password. - applied patch from Ask Bjoern Hansen : get rid of some annoying "Use of uninitialized value ..." - applied patch from Joshua Chamas : use eval{ping} to prevent using an invalid database handle. - added 'use Apache;' to Apache::DBI.pm as proposed by Michael Smith . - implemented multiple passwords per userid as proposed by dan hammer . - applied patch for case-insensitive user-ids from . - implement proposal from Honza Pazdziora : Auth_DBI_casesensitive replaced by Auth_DBI_uidcasesensitive and Auth_DBI_pwdcasesensitive. - applied patch from fdc@cliwe.ping.de (Frank D. Cringle): prevent "Use of uninitialized value warning" in error.log. - work-around for mod_perl problem spotted by Mike Hayward : when building mod_perl as dso, Apache::DBI was always skipping the connection cache. 0.81 Sep 08, 1998 - Cache entries consider the AuthName to distinguish between identical user-ids in different authorization realms. 0.80 Jul 26, 1998 - applied patch from Anto Prijosoesilo : change second argument for crypt function from $salt to $passwd in order to be compatible with BSD. - applied patch for Apache::DBI.pm from Randy Harmon : reject database connect during server startup. - call CleanupHandler in Authen DBI and AuthzDBI only if cache_time is configured. 0.79 Jun 06, 1998 - implemented a simple caching mechanism in AuthenDBI as well as in AuthzDBI. Per default this cache is disabled and can be enabled by setting Auth_DBI_cache_time > 0. YOU NEED AT LEAST VERSION apache_1.3b6 ! - applied patch from Jeff Baker fix menu item for DBI connections that are made using the Oracle TNS listener. - implemented proposal from Leslie Mikesell change group-handling in AuthzDBI. All groups related to the given user are selected at once and then put into a comma-separated list. This list is compared with the required groups. Depending upon the existence of Auth_DBI_grp_table, the SQL-select looks either in the pwd_table or in the grp_table for the groupid. PLEASE CHECK THE MODULE DOCUMENTATION AND YOUR .htaccess ! 0.78 February 18, 1998 - applied patch from "B. W. Fitzpatrick" DBI calls connect always with 4 parameters, even if they are empty. This results in an error with DBD-Informix. - added '$dbh->disconnect' before 'return SERVER_ERROR;' (fyodor@mp.aha.ru ). - added optional where-clause in AuthenDBI as well as in AuthzDBI (Helmut Patay ). 0.77 January 18, 1998 - applied patches from Doug MacEachern: o new method Apache::DBI->connect_on_init() o set environment variable REMOTE_GROUP in AuthzDBI.pm. 0.76 December 18, 1997 - removed unused variable from AuthzDBI.pm 0.75 November 02, 1997 - strip trailing blanks from password for fixed-length data type - new token: 'Auth_DBI_casesensitive' fixed bug when using attributes in connect method fixed bug which appeared with perl5.004_04 (Hakan Tandogan 0.74 August 15, 1997 - new module: AuthzDBI for Authorization, (supports group authorization) - complete rewrite of AuthenDBI. - configuration directives and functionality of both modules are supposed to be identical with mod_auth_msql of the apache daemon. - adapted to new DBI connect syntax - changed names of config vars to be more consistent with other authentication modules. PLEASE ADAPT YOUR CONFIGURATION !!! 0.73 July 15, 1997 - fixed bug in DBI.pm: check return value of connect 0.72 July 13, 1997 - added logging option to AuthenDBI 0.71 July 01, 1997 - debugging is now controlled by a global variable 0.7 July 01, 1997 - changed the way of initiating debug output 0.6 May 20, 1997 - fixed bug which caused a disconnect with some DBD-drivers (Oracle,...) 0.5 May 16, 1997 - applied patches from Stephen E Kane 0.4 May 13, 1997 - fixed check for first internal request in AuthenDBI.pm 0.3 May 5, 1997 - make AuthenDBI to be a separate module - adapt to new DBI, so code changes are not required anymore for persistent connections 0.2 Apr 6, 1997 - unused methods deleted - AuthenDBI integrated - method for disconnect added - menu item for Apache::Status added 0.1 Mar 15, 1997 - creation