31 Mar 2006 at 12:18, Jesse Erlbaum wrote:
other note, on which I have been harping for years: If you are
about to tell me that you can't have a separate instance script for each
application because your login system would have to be duplicated in
each application, then you're doing things wrong. Authentication and
authorization belongs in Apache -- not in your CGI-App module.
No, this is not the reason, why I want to split my application but
still, I am not convinced that authorization belongs in Apache. Say I
have an application with a company and branches. Now I want that a user
is only allowed to run the runmodes with data of the brach the user
belongs to.
This info is within the application and Apache doesn't know anything
about it -- at least if I don't want to duplicate my branch layout in a
htgroups file or similar.
if this case is still simple enough that with some tricks Apache can
use the info in the database, what about special cases where a user is
granted rights just for part of the info, say anything, except sallary?
The 'knowledge' about the different roles of users is inherently within
the application and I cannot see how Apache can do really flexible
access restriction without being part of the application.
Cheers,
Michael
Web Archive: @lists.erlbaum.net/
To unsubscribe, e-mail: cgiapp-unsubscribe (AT) lists (DOT) erlbaum.net
For additional commands, e-mail: cgiapp-help (AT) lists (DOT) erlbaum.net