Thread: Re: [HACKERS] proposal: session server side variables

Re: [HACKERS] proposal: session server side variables

From
Fabien COELHO
Date:
[Oops, resent, wrong from address, please accept my apologies]

Hello Pavel,

> There are two concepts - both can be implemented, and used (can be used
> together).

That is one point I would like to ascertain clearly and explicitely, so having 
various designs side by side, eg in the wiki page, would help if and where they 
interact.

The second point I am keen on discussing is how the proposed designs provide a 
solution to different use cases, and at what cost.

I've added sections about use cases (I have listed 3) and how they could be 
supported in the wiki page.

> Both these concepts has some advantage and some disadvantages. It is hard to 
> expect, so there is possible full agreement - because everybody has different 
> preferences.

Sure.

> I understand so for you can be your proposal more readable, but for me,
> your design of usage and security looks not well.

Yep, there are pros and cons to all proposals. I wish they are listed 
somewhere, and possibly discussed, because some pros/cons depends on some 
detailed features.

> It is acceptable without PRIVATE flags and similar flags. It is not designed 
> be secure.

Indeed. I've taken this point somehow into account and changed my proposal so 
that session variables are private by default, and now I'm not even sure that 
there should exist public session variables at all...

> (MySQL has nothing similar, I don't know if MSSQL has some, but probably 
> not). Ok. We have different priorities. For you is not usual so in one 
> session there can be more more times switch of secure context. It is usual 
> for me, and for applications what I write.

I have added a section in the wiki to present succintely existing stuff in 
other products.

>> Could you put your ideal (final) design proposition on the wiki page?
> yes, I'll do it.

Good!

-- 
Fabien.