Heikki Linnakangas wrote:
Another approach I've been thinking about is to allow anyone that knows the (user-supplied) global transaction identifier to finish the transaction, and hide the gids of running transactions from regular users. That way, the gid acts as a secret token that's only known by the transaction manager, much like the cancel key.
Doesn't this break recovery? The TM needs to find all outstanding GIDs for a particular resource.
I guess if we treated (database + authenticated user) as the equivalence key for XAResources (XAResource.isSameRM() in Java-speak) it might work. Then only transactions initiated by the current user need to be visible.
Either way, it seems necessary to have some way for recovery to get the set of GIDs that are in doubt and the current user has permission to resolve. Otherwise the TM is going to get confused when it tries to resolve a transaction that appears to be needing recovery but it does not have permission to resolve.
-O
---------------------------(end of broadcast)--------------------------- TIP 7: don't forget to increase your free space map settings
