On 31 Mar 2006 at 12:18, Jesse Erlbaum wrote: > One other note, on which I have been harping for years: If you are > about to tell me that you can't have a separate instance script for each > application because your login system would have to be duplicated in > each application, then you're doing things wrong. Authentication and > authorization belongs in Apache -- not in your CGI-App module.
No, this is not the reason, why I want to split my application but still, I am not convinced that authorization belongs in Apache. Say I have an application with a company and branches. Now I want that a user is only allowed to run the runmodes with data of the brach the user belongs to. This info is within the application and Apache doesn't know anything about it -- at least if I don't want to duplicate my branch layout in a htgroups file or similar. Or if this case is still simple enough that with some tricks Apache can use the info in the database, what about special cases where a user is granted rights just for part of the info, say anything, except sallary? The 'knowledge' about the different roles of users is inherently within the application and I cannot see how Apache can do really flexible access restriction without being part of the application. Cheers, Michael --------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/cgiapp@lists.erlbaum.net/ http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2 To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
