Hey Kenny --

> The decision has been made (although I can change it) to use a
> user-type/run-mode permission scheme. I created a database that handles
> which users are which type and which types have access to which mode.
> I even have it working :-)

Maybe a silly question -- but is your security REALLY at the level of a *single* run-mode? In my experience, security is usually applied to a group of run-modes. For instance, you might allow a valid user to access the group of run-modes "search_form", "search_widgets", and "view_widget". You would only allow administrators to access the group of run-modes "add_widget", "edit_widget_form", "update_widget_properties", and "delete_widget".

Does this describe your situation? If so, why don't you simply break your application into multiple applications, by required authority? Each application could then have its own instance script. The instance scripts might be located in your "Document Root" like this:

    /widget_browser.pl
    /admin/widget_manager.pl

If you get this far, you can use the capabilities of the web server to apply security at a directory hierarchy level. You could write an Authentication and Authorization system which would use a database of users and groups. Then, you could apply the following logic:

    /        -- Requires a valid user
    /admin/  -- Requires a valid user who is also in the "administrator" group.

Through a web-based interface, users could be added to or removed from various groups. You could have as many instance scripts as you like, each for a different set of functions, possibly requiring different group membership.

The beauty of this system is that you don't have to add *ANY* code to your CGI::Application modules. FURTHERMORE(!), this system will also protect STATIC HTML documents, where any system which is built into your app module will NOT.

If you want to change the security required for a particular set of functions or static documents, just move the instance script or documents into a different directory, or change the group requirements for that directory.

Does this work for you? What are the problems which would prevent you from using this type of system?

Warmest regards,

-Jesse-

Jesse Erlbaum, CTO
Vanguard Media
http://www.vm.com
212.242.5317 x115
[EMAIL PROTECTED]
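
An added example, not part of Jesse's message or of CGI::Application: the directory-level rules described above, written as an Apache httpd configuration. Apache itself, the file-based user and group stores (the message describes a database-backed one), the realm name, and every filesystem path are assumptions.

```apache
# Assumed DocumentRoot: /var/www/site (hypothetical path).
# The user and group files sit outside the DocumentRoot so they can
# never be served as documents.

<Directory "/var/www/site">
    # Let the instance scripts (*.pl) run as CGI programs.
    Options +ExecCGI
    AddHandler cgi-script .pl

    # Authentication settings, inherited by every subdirectory.
    # Basic auth sends the password with each request, so this
    # assumes the site is served over TLS only.
    AuthType Basic
    AuthName "Widgets"
    AuthUserFile  "/etc/apache2/auth/widget.users"
    AuthGroupFile "/etc/apache2/auth/widget.groups"

    # "/" -- requires a valid user.
    # Covers /widget_browser.pl and any static HTML stored here.
    Require valid-user
</Directory>

<Directory "/var/www/site/admin">
    # "/admin/" -- requires a valid user who is also in the
    # "administrator" group. This Require replaces the one inherited
    # from the parent directory, so plain valid users are refused.
    # Covers /admin/widget_manager.pl and static files under /admin/.
    Require group administrator
</Directory>

# Constructed sample line for widget.groups (group: members):
#   administrator: alice bob
```

The separation holds only if the module behind /widget_browser.pl does not define the administrative run modes, because CGI::Application selects the run mode from a request parameter and the web server never sees which one was chosen.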