Changes   [plain text]

Revision history for ApacheDBI.

1.06 03/23/2007
  - MP2/AuthDBI: Fixed Apache::AuthDBI::debug() to 
    actually work.
    Submitted by: [Kevin Appel <>]

  - Bump minium required perl version to 5.6.1 to match DBI
    (Changes in DBI 1.49 (svn rev 2287),   29th November 2005)
    Philip M. Gollucci <>

1.05 11/3/2006
  - MP2/AuthDBI: Add missing Apache2::Access
    Submitted by: Adam Prime x443 <>
1.04 10/23/2006
  - MP1: Undefined subroutine &Apache2::Const::OK called at ....
    (The rest of them) d'oh!

  Seconded by: Kjetil Kjernsmo <>
  Submitted by: BOWMANBS <>

1.03 08/21/2006

  - MP1: Undefined subroutine &Apache2::Const::OK called at
    Apache/ line 906. 
    Submitted by: []
    Reviewed by: Kevin A. McGrail (ThoughtWorthy Media, Inc.) 
    avoid a warnings caused by debug statements
    Reported by: Vladimir S. Tikhonjuk <>

1.02 08/02/2006

    s/denug/debug/ typo in Apache::AuthDBI
    Submitted by: Vladimir S. Tikhonjuk <>

1.01 06/04/2006

  - Re-release as non developer release.
    No changes from 1.00_01.
    [Philip M. Gollucci <>]

1.00_01 05/29/2006

  - As DBI has supported only perl 5.6.0 since 2003
    v1.38 Apache::DBI now requires perl 5.6.0 as well.
    [Philip M. Gollucci <>]

  - Fix a plethora of uninitialized variable warnings, 
    general code cleanup, don't import unneeded symbols
    from Carp, Digest::SHA1, and Digest::MD5
    [Philip M. Gollucci <>]

    $sth->rows is inconsistent across DBD::* drivers
    and sometimes always returns 0.  We were using 
    this to distinguish between a blank password and
    no passwd.  Now we don't call this function.

    Reported by: 
    [Philip M. Gollucci <>]
    a fatal error involving mp1, mp2 constants co-existance 
    was fixed in AuthDBI.
    [Philip M. Gollucci <>]

    under mod_perl 2, the check to skip caching connections
    at server startup was broken; thus, causing children
    to incorrectly share dbh handles with the parent.
    Submitted by: 

    a critical return was missing connect() under mod_perl2
    Submitted by:

  - Moved module's repository to its new home in SVN from CVS
    [Philip M. Gollucci <>]

0.9901 08/19/2005

  - Fix the versioning blunder of .100 < .99
    [Philip M. Gollucci <>]

  - Account for the case of mp1 and mp2 installed
    in the same perl tree. The evals were not playing
    nice with modules like Apache::SSI, Apache::SessionManager.
    Sumitted by: [Frank Maas <>]
    Tweaked/reviewed by: [Philip M. Gollucci <>]

0.100 08/10/2005

  - Move $Idx from a file-scoped variable to a connect() scoped
    variable, which gets passed to other subroutines as needed.
    This will ensure that the cleanup/rollback feature will work
    properly when a script uses more than one database handle to the 
    same database.
    [Joe Thomas <>]

  - Fixed issues relating to changing handle state post
    connection.  Handles now returned in same state as original and incomplete
    transactions rolled back before re-issuing handle so.
    Submited by: [Joe Thomas <>]
    Contributed by: [Patrick Mulvany <>]

  - Fix a () bug in the connect() determining whether we must ping
    the database. PingTimeOut = 0 now works as documented.
    Submited by: [Joe Thomas <>]
    Contributed by: [Patrick Mulvany <>]

0.99  08/03/2005

  - Turn off Debugging by default.
    Reported by <>
    [Philip M. Gollucci <>]

0.98	06/30/2005

  - Fix MP2 issue with $Apache::Server::Starting
    Reported by Vincent Moneymaker
    [Philip M. Gollucci <>]

0.97	06/27/2005

  - Fix minor use strict bug in make test
    [Philip M. Gollucci <>]

  - Fixed a bug in salt calculation
    Kevin A. McGrail (ThoughtWorthy Media, Inc.) 

  - Added Auth_DBI_encryption_method configuration.  Supports md5 hex, sha1 hex & crypt and will support fallback.  
    Other encryption methods can be added by modifying the subroutine get_passwds_to_check
	  Kevin A. McGrail (ThoughtWorthy Media, Inc.) 

	- MP2/MP1 Constants compatability fixes in AuthDBI
	  Kevin A. McGrail (ThoughtWorthy Media, Inc.) 

  - Added a feature 'Apache::AuthDBI->setProjID(1)' to set a Shared
   	Memory Project ID when using the shared memory caching.
    Kevin A. McGrail (ThoughtWorthy Media, Inc.) 

  - Fixed an MP2 problem when Debug is set to 2 changing is_main() to main() call
	  Kevin A. McGrail (ThoughtWorthy Media, Inc.) 

  - Added a few more Debug statements including the Semaphore ID in hex to use ipcs
	  Kevin A. McGrail (ThoughtWorthy Media, Inc.) 

0.96	04/19/2005

  - Account for the recent mod_perl2 API renaming
    [Philip M .Gollucci <>]

0.95 04/01/2005

  - Avoid "The object isn't defined" error during "make test" if
    we can't connect to the test database.

0.94	February 17, 2004

  - Fix use of uninitialized value warnings when passed an
	  "undef" attribute (thanks to Trevor Schellhorn)

  - Minor POD cleanups

0.93    January 10, 2004 

  - Always check $dbh->ping if the PingTimeOut is 0.
    (thanks to Dennis Ingram <>)

  - Change $r->connection->user to $r->user to make AuthDBI work
    with mod_perl 2.0 (thanks to Neil MacGregor <>
    and Brian McCauley <>)

  - removes the requirement for IPC::SysV to be installed if you
    don't actually use it. Remove support for mod_perls without
    push_handler support (Thanks to Brian again)

  - improve tests (based on patch from Geoffrey Young
    <>; thanks Geoff!)

0.92	August 11, 2003

  - Avoid use of uninitialized value warning under mod_perl 2.

	- Make the tests compatible with DBI >= 1.33 (thanks to Paul
 	  MacAdam <>)

0.91    February 17, 2003

  - Retagged and released the 0.90_02 beta as 0.91. No code

0.90_02 January 10, 2003

  - Changes to make Apache::DBI load and function under mod_perl
     2.0.  A few important notes: connect_on_init does not work yet
     and there's no automatic RollBack cleanup handler when
     autocommit is turned off.

0.90_01 January 10, 2003

  - Only call Apache::Status if is completely loaded
    (so you can load Apache::DBI outside the mod_perl environment)

  - Make Test::More a prerequisite so we can do real tests

  - Make a prerequisite

  - Add a simple, but real, test script.  Requires DBD::mysql
    and a test database

0.89 June 17, 2002

	- fix bug that occasionally made Apache::DBI connect several
 	  times to the database even when DSN and attributes were the

 	- Updated links and such in the documentation

0.88 January 12, 2001

	- fix bug in child_init: consider 0 as valid result for a
	  semaphore id.

	- remove defined(@array), which is depreceated in perl5.6

0.87 September 28, 1999

	- fix for the usage of the environment variable DBI_DSN 
	  introduced in 0.86 was still incomplete.

0.86 September 27, 1999

	- in AuthDBI remove check of configured data_source in order to allow 
	  the usage of the environment variable DBI_DSN. Bug spotted by 
	  Oleg Bartunov <>.

	- applied patch from Matt Loschert <>,
	  which avoids 'Use of uninitialized value ...' in Apache::DBI.

	- added new attribute 'Auth_DBI_encryption_salt' as proposed by
	  Nathan Clemons <>.
	  Per default this is set to 'password' which will use the password 
	  as salt for the crypt function. Setting this to 'userid' will use 
	  the userid as salt.

	- fixed bug with setting Auth_DBI_nopasswd to 'on', spotted by 
	  "Sigurjon Olafsson" <>.

0.85 August 24, 1999

	- change separator of Auth_DBI_data_source, Auth_DBI_username and 
	  Auth_DBI_password from comma to tilde, in order to avoid clashes 
	  with embedded attributes in data_source. 
	  Bug spotted by Oleg Bartunov <>.

	- applied patch to from Tim Bunce <>
	  which solves the problem that Apache::DBI did not return a ref cursor.

0.84  August 21, 1999

	- combine Apache::AuthenDBI and Apache::AuthzDBI into one package 

	- discard Apache::DebugDBI. Debugging can be enabled by setting 
	  the variables Apache::AuthDBI::DEBUG and Apache::DBI::DEBUG to 
	  appropriate values.

	- the attribute 'Auth_DBI_cache_time' has been discarded. The
	  cache time now has to be configured upon server startup using the
	  method setCacheTime(n).

	- optionally use shared memory for the cache used for authentication
	  and authorization as proposed by Rauznitz Balazs <>. 

	- make the PerlCleanupHandler, which cleans the cache in Apache::AuthDBI, 
	  configurable. Per default it is switched off. 

	- connect attributes for authentication and authorization may be a 
	  list of several servers, all of which will be used until the first 
	  connect succeeds.
	  Proposed by Matt Loschert <>.

	- the PerlCleanupHandler in, which is supposed 
	  to initiate a rollback in case AutoCommit is off, will only be 
	  created, if the initial data_source sets AutoCommit to 0.

	- fixed bug with empty password, which didn't fall through for
	  authoritative = off, spotted by "Graham Johnson" <>.

	- analogous to the environment variables REMOTE_GROUPS and REMOTE_GROUP 
	  the selected passwords and the matched password are put into the 
	  environment variables REMOTE_PASSWORDS and REMOTE_PASSWORD. 
	  Proposed by Jochen Wiedmann <>.

	- add traces.txt, which serves as reference for the debug output. 

0.83  August 08, 1999

	- make ping configurable, proposed by 
	  Gunther Birznieks <>

	- change $user_sent_quoted to $user_sent when checking for 
	  placeholders (Michael Smith <>)

	- bug-fix for encrypted passwords, which have never been taken
	  from the cache. Spotted by Yves BLUSSEAU <>.

0.82  June 03, 1999

	- bug-fix spotted by "Dale Manemann" <>:
	  correct the password handling for the case, where the password has
	  been changed in the database and the old password is still cached.

	- proposal from Honza Pazdziora <>:
	  add PerlCleanupHandler in Apache::DBI, which issues a rollback 
	  unless AutoCommit is on. 

	- changed behavior of AuthzDBI: the first match of a
	  requirement is sufficient for successful authorization.
	  Prior to this release, all requirement lines had to 
	  be fulfilled. 

	- proposal from Rauznitz Balazs <>:
	  new function all_handlers() in Returns 
	  all cached database handles, so that other handlers can 
	  perform tasks on them.

	- proposal from Michael Smith <>: new 
	  configuration option Auth_DBI_placeholder. Setting this 
	  option to true, will use placeholders for the given userid 
	  in the SELECT statements. This will speedup database access. 

	- proposal from "Jordi 'Matematic' Salvat" <>:
	  replace AuthName with a summary of all attributes relevant
	  for the select statements. This still keeps the userid entries
	  in the cache unique, but solves the problem with different 
	  AuthNames which eventually forces the user to authenticate 
	  several times. 

	- new configuration option Auth_DBI_expeditive from
	  "Jordi 'Matematic' Salvat" <>. 
	  When authorization fails, AuthzDBI returns AUTH_REQUIRED
	  as default. With Auth_DBI_expeditive set to "on" it returns
	  FORBIDDEN if access is denied. Hence this can be distinguished 
	  from the case, where the user just mistyped the password.

	- applied patch from Ask Bjoern Hansen <>:
	  get rid of some annoying "Use of uninitialized value ..."

	- applied patch from Joshua Chamas <>:
	  use eval{ping} to prevent using an invalid database handle.

	- added 'use Apache;' to as proposed by
    Michael Smith <>.

	- implemented multiple passwords per userid as proposed by
	  dan hammer <>.

	- applied patch for case-insensitive user-ids from 

	- implement proposal from Honza Pazdziora <>:
	  Auth_DBI_casesensitive replaced by Auth_DBI_uidcasesensitive and 

	- applied patch from (Frank D. Cringle):
	  prevent "Use of uninitialized value warning" in error.log.

	- work-around for mod_perl problem spotted by Mike Hayward 
	  <>: when building mod_perl as dso, Apache::DBI 
	  was always skipping the connection cache.

0.81  Sep 08, 1998

	- Cache entries consider the AuthName to distinguish 
	  between identical user-ids in different authorization 

0.80  Jul 26, 1998

	- applied patch from Anto Prijosoesilo <>:
	  change second argument for crypt function from $salt
	  to $passwd in order to be compatible with BSD.

	- applied patch for from Randy Harmon 
	  <>: reject database connect 
	  during server startup.

	- call CleanupHandler in Authen DBI and AuthzDBI only if 
	  cache_time is configured.

0.79  Jun 06, 1998

	- implemented a simple caching mechanism in AuthenDBI as 
	  well as in AuthzDBI. Per default this cache is disabled 
	  and can be enabled by setting Auth_DBI_cache_time > 0. 
	  YOU NEED AT LEAST VERSION apache_1.3b6 !

	- applied patch from Jeff Baker <>
	  fix menu item for DBI connections that are made using 
	  the Oracle TNS listener.

	- implemented proposal from Leslie Mikesell <les@Mcs.Net>
	  change group-handling in AuthzDBI. All groups related to
	  the given user are selected at once and then put into a 
	  comma-separated list. This list is compared with the 
	  required groups. 
	  Depending upon the existence of Auth_DBI_grp_table, the 
	  SQL-select looks either in the pwd_table or in the 
	  grp_table for the groupid. PLEASE CHECK THE MODULE 

0.78  February 18, 1998

  - applied patch from "B. W. Fitzpatrick" <>
    DBI calls connect always with 4 parameters, even if they
    are empty. This results in an error with DBD-Informix.

  - added '$dbh->disconnect' before 'return SERVER_ERROR;'
    ( <Fyodor Krasnov>).

  - added optional where-clause in AuthenDBI as well as
    in AuthzDBI (Helmut Patay <>).

0.77 January 18, 1998

  - applied patches from Doug MacEachern:
    o new method  Apache::DBI->connect_on_init()
    o set environment variable REMOTE_GROUP in

0.76 December 18, 1997

	- removed unused variable from

0.75 November 02, 1997

	- strip trailing blanks from password for 
	  fixed-length data type

	- new token: 'Auth_DBI_casesensitive'
    fixed bug when using attributes in connect method
    fixed bug which appeared with perl5.004_04
	  (Hakan Tandogan <>

0.74 August 15, 1997

  - new module: AuthzDBI for Authorization,
  (supports group authorization)

  - complete rewrite of AuthenDBI.

  - configuration directives and functionality 
    of both modules are supposed to be identical
    with mod_auth_msql of the apache daemon.

  - adapted to new DBI connect syntax

  - changed names of config vars to be more
    consistent with other authentication modules.

0.73 July 15, 1997

	- fixed bug in check return value of connect

0.72 July 13, 1997

	- added logging option to AuthenDBI

0.71 July 01, 1997

	- debugging is now controlled by a global variable

0.7  July 01, 1997

	- changed the way of initiating debug output

0.6  May 20, 1997

	- fixed bug which caused a disconnect with some 
          DBD-drivers (Oracle,...)

0.5  May 16, 1997

	- applied patches from Stephen E Kane <>

0.4  May 13, 1997

	- fixed check for first internal request in

0.3  May  5, 1997

	- make AuthenDBI to be a separate module 
	- adapt to new DBI, so code changes are not 
	  required anymore for persistent connections

0.2  Apr  6, 1997

	- unused methods deleted

	- AuthenDBI integrated

  - method for disconnect added

	- menu item for Apache::Status added

0.1   Mar 15, 1997

	- creation