Yesterday I stumbled upon an interesting and broken behaviour of Django: Running two instances with the same memcached as cache backend might result in displaying the wrong template from the cache in case we have template files with the same name but a different content.
This behaviour is also visible in all django applications which use the cache backend without taking care of settings.CACHE_MIDDLEWARE_KEY_PREFIX. As mentioned in the bug report a design decision is necessary here, as the setting was only supposed to be used in middlewares. On the other side not honouring the setting everywhere makes it impossible to use different (unrelated) Django instances with one memcached. While this is not such a big issue for template data, it should be - for example - possible to insert faked django CMS user permissions into memcached as they are cached there, too.
One possible solution is to ensure that settings.CACHE_MIDDLEWARE_KEY_PREFIX (or a similar setting with a better name) is used for every access. Using the following snippet as custom cache backend ensures this. Additionally it is much harder to insert faked cache content by using a md5 hexdigest as key. Although you should never store sensitive data in memcached - if you need to cache such data, use locmem, file or db as cache backend, as they allow to limit access to the data properly.
from django.conf import settings
from django.core.cache.backends.memcached import CacheClass as DjangoMemcachedCacheClass
from django.utils.hashcompat import md5_constructor
class CacheClass(DjangoMemcachedCacheClass):
def __init__(self, server, params):
self.key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX
super(CacheClass, self).__init__(server, params)
def _genkey(self, origkey):
return md5_constructor("%s:%s" %(self.key_prefix, origkey)).hexdigest()
def add(self, key, value, timeout=0):
return super(CacheClass, self).add(self._genkey(key), value, timeout)
def get(self, key, default=None):
return super(CacheClass, self).get(self._genkey(key), default)
def set(self, key, value, timeout=0):
return super(CacheClass, self).set(self._genkey(key), value, timeout)
def delete(self, key):
return super(CacheClass, self).delete(self._genkey(key))
def get_many(self, keys):
return super(CacheClass, self).get_many(self._genkey(key))
def incr(self, key, delta=1):
return super(CacheClass, self).incr(self._genkey(key), delta)
def decr(self, key, delta=1):
return super(CacheClass, self).decr(self._genkey(key), delta)
Some of the participants of the BSP here in Mönchengladbach asked me to put the blog post from blog.credativ.com on planet Debian. I think thats a great idea as the BSP was not only successfull, but also a lot of fun and it was very nice to meet a lot of Debian Developers and package maintainers. We were glad that so many people followed the invitation! So here we go - please leave your comments at the original blog post.
The 2010 Debian Bug Squashing Party turned out to be a great success: around 200 bugs were fixed, ready for the forthcoming version of Debian.
The weekend of 22-24 January saw this year’s Bug Squashing Party hosted yet again by credativ. The aim of the weekend was to find and fix bugs in the next Debian release. The results were as follows:
| Work on Debian | Results |
|---|---|
| Installed Patches | 5 |
| Fixed Bugs | 44 |
| Non-critical Bugs | 28 |
| Completely removed Packages | 87 |
| Packages removed from Testing | 29 |
Altogether that gives a grand total of 200 bugs. In addition, information was gathered on a further 100 bugs, which will help when they come to be fixed. A lot of time was also spent on quality assurance, an under appreciated but very important job.
More gossip: it is rumoured that backports.org is not far off becoming an official Debian project… and in the meantime it will be launching a brand new website running on ikiwiki.
Our “guests” from far and wide were more than happy with the BSP party:
Steve McIntyre: (Debian project leader)
Thanks to the folks at credativ for hosting and participating in the BSP - we got a huge amount of work done towards the next release and had a great time doing it!
Stefano Zacchiroli:
My 1st Mönchengladbach BSP, won’t be the last! Lots of cool people and hacking, and I’ve enjoyed my 1st “traditional” Formorer’s chilli too :).
credativ would like to thank all those who came and got involved - now you can lean back, relax and enjoy the photos of the event.
As the release of version 0.15 of Merkaartor (a map editor for OpenStreetMap.org) is planned for the end of February, I've uploaded a svn snapshot based on revision 19956 to Debian experimental. Please test it and report bugs to the BTS as soon as possible, so I can triage and forward them to upstream.