On 09/14/2012 11:23 AM, Alex Rousskov wrote:
>>> Each approach differs in how it addresses backward compatibility:
>>> >>
>>> >>
>>> >> 0) Screw backward compatibility and just start interpreting "quoted
>>> >> strings" in ACL values as such. We can minimize breakage by detecting
>>> >> unusual patterns such as quotes"in"the"middle and
>>> >> "/quotes/without/any/spaces", treating them as the old parser would
>>> >> (with a warning). We can also refuse to honor more than one value per
>>> >> ACL when a value is quoted. Very few old configurations will be broken
>>> >> by this, but I bet there will be some!
>>> >>
>>> >> # this will work OK
>>> >> acl badOne1 user_cert CN "Bad Guy"
>>> >>
>>> >> # this will also work as before, with a warning
>>> >> acl badOnes user_cert CN "/var/share/bad.guys"
>>> >>
>>> >> # this will be silently broken
>>> >> acl badOnes user_cert CN "/var/share/my bad guys list"
>>> >>
>>> >> # new file loading syntax required here:
>>> >> acl badOnes user_cert CN file:"/var/share/my bad guys list"
>> >
>> > I vote for this, with a few more changes that will reduce the breakages.
> Interesting. I did not expect much support for this, but two out of
> three responses so far suggest this approach, essentially. When the dust
> settles, perhaps we should post to squid-users as well to get more feedback?
I do not like any solution that breaks things silently since it will
give you frustrated admins looking hours for solutions to a problem,
years of questions on the mailing list and many references
to a new FAQ section.
I think that admins are responsible for the configuration of Squid and that
Squid does not need a "clever" parser to guess what an admin wants.
Therefore I prefer option 2 (configuration_value_parser quoted_strings).
And with support for escaping quotes with a backslash.
Marcus
Received on Sun Sep 16 2012 - 15:12:12 MDT
This archive was generated by hypermail 2.2.0 : Mon Sep 17 2012 - 12:00:06 MDT