[Code] Fwd: python-openid server thread-safe methods?

Attila-Mihaly Balazs dify.ltd at gmail.com
Thu Sep 12 16:26:18 UTC 2013 

Sorry for not being clear.

The way we use it can be replicated in any Python environment. To sum it up:

- if you use one openid.Server per thread (by using threadlocal for example)
- and your Store implementation is threadsafe (gaecache.MemcacheStore is)

then you should be safe when using the library in a multithreaded
environment (again, we didn't actually review 100% of the code, but it has
been in production for more than two years with this setup and we've seen
no problems with it).

Regards,
Attila


On Wed, Sep 11, 2013 at 9:09 PM, michail alexakis <
alexakis at imis.athena-innovation.gr> wrote:

> Hello Atilla and thanks for your response!
>
> Unfortunately, i dont have the option to deploy under the GAE or use any
> GAE-specific libraries.
> There is a way to force the openid.Server instances to be thread-local but
> this won't be adequate
> if the storage level is not functioning in an thread-safe manner.
> Well, my question had more to do with the openid.Server being inherently
> safe, i.e. managing to
> maintain all it's state in a isolated thread-safe store.
>
> Kind regards, Michail
>
>
>
>
> On Wed, Sep 11, 2013 at 2:28 PM, Attila-Mihaly Balazs <dify.ltd at gmail.com>wrote:
>
>> Hi,
>>
>> We are using the python openid on GAE with the threaded python27 runtime
>> and we didn't see any problems with it. We use the gaecache.MemcacheStore
>> as store and a separate instance of openid.Server per thread (using
>> threadlocal).
>>
>> Regards,
>> Attila
>>
>>
>> On Wed, Sep 11, 2013 at 10:15 AM, michail alexakis <
>> alexakis at imis.athena-innovation.gr> wrote:
>>
>>> Hello to all
>>>
>>> I have posted the same question yesterday, but since i was a
>>> non-subscribed user, it probably
>>> got automatically rejected. So, i re-send my question verbatim, and i
>>> apologize for the duplicate:
>>>
>>> I am using the server component (OP provider) from the python-openid
>>> library (class openid.server.server:Server)
>>> inside a (Pylons-based) web application that spawns about 5-10 threads
>>> for serving requests.
>>>
>>> To be precise, the following methods are invoked in several places:
>>>
>>> Server.decodeRequest
>>> Server.handleRequest
>>> Server.encodeResponse
>>>
>>> Can i assume that these calls are thread-safe?
>>> I suppose that if these methods alter the inner state of the Server's
>>> instance, then it's a matter of time (and traffic)
>>> to see unpredictable behavior.
>>> Shall i wrap all these methods (maybe a proxy object) and implement my
>>> own locking?
>>>
>>> Another similar question is how safe is the store mechanism? The docs
>>> state that the FileStore class is reasonably safe.
>>>
>>> Τhanks for your time!
>>>
>>> Michail Alexakis,
>>> Software engineer, Athens, Greece
>>>
>>>
>>> _______________________________________________
>>> Code mailing list
>>> Code at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-code
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-code/attachments/20130912/6745fec2/attachment.html>

More information about the Code mailing list