Hi, I just lost half of my hair chasing an obscure bug for hours, which finally led me to beaker_cache after studying my app's, Paste's wsgiwrappers, Pylons' controllers and half of the standard library's source (well, that last part was a bit exaggerated ;), please keep this in mind when I enter....
<rant mode>

The docstring for the beaker_cache says: "Cache decorator utilizing Beaker. Caches action or other function that returns a pickle-able object as a result." This led me to believe that I could happily use this decorator to cache DB querying functions and the like (the "or other function" part).

However, beaker_cache will happily smash any cookies, headers and status of the current response with the ones present the first time the cached function was called! This makes perfect sense when caching a controller method BUT NOT any "other function".

Besides being counter-intuitive, this is a BIG security issue if sensitive cookies are happily cached and served every time the cached function is called in a request context. Of course, this would never happen if the decorator decorates a controller action since it would be kept in mind, but if it was used to just cache an expensive function, say, to construct a side bar with links parsed from an external RSS feed, which is served both to authenticated and unauthenticated users, then it is possible that very bad things can happen.

</rant mode>

A simple rewording (and possibly a warning) in the docstring should solve this... and a non-global-state-altering version would be absolutely superb :)

Alberto
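
The failure mode described in the message above, as an added example that is not part of the original post and is not Beaker's or Pylons' code: a simulated decorator that replays response state beside one that caches only the return value. The `Response` class, the module-level `response` global, both decorators, `sidebar_links`, `serve` and the feed URL are hypothetical stand-ins.

```python
import functools

class Response:
    """Stand-in for a framework's per-request global response (assumption)."""
    def __init__(self):
        self.status = "200 OK"
        self.headers = {}

response = Response()  # replaced at the start of every simulated request

def state_replaying_cache(func):
    """Mimics the behaviour the post describes: response state is cached with
    the value on the first call and written back on every later call."""
    store = {}
    @functools.wraps(func)
    def wrapper(*args):
        if args not in store:
            store[args] = (func(*args), response.status, dict(response.headers))
        value, status, headers = store[args]
        response.status = status
        response.headers = dict(headers)  # clobbers what this request had set
        return value
    return wrapper

def value_only_cache(func):
    """Non-global-state-altering variant: only the return value is cached."""
    store = {}
    @functools.wraps(func)
    def wrapper(*args):
        if args not in store:
            store[args] = func(*args)
        return store[args]
    return wrapper

def sidebar_links(feed_url):
    return ["link-a", "link-b"]  # constructed stand-in for parsed RSS links

leaky_sidebar = state_replaying_cache(sidebar_links)
safe_sidebar = value_only_cache(sidebar_links)

def serve(sidebar, session_cookie=None):
    """Simulate one request; return the Set-Cookie header the client receives."""
    global response
    response = Response()
    if session_cookie:  # an authenticated request sets its own cookie first
        response.headers["Set-Cookie"] = session_cookie
    sidebar("https://feed.example/rss")  # constructed URL
    return response.headers.get("Set-Cookie")
```

Calling `serve(leaky_sidebar, "session=alice")` and then `serve(leaky_sidebar)` shows the second, anonymous request receiving the first request's cookie; the same sequence with `safe_sidebar` does not.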
