> [EMAIL PROTECTED] 16.03.2003 21:45:12 >>>
>>Graham Leggett <[EMAIL PROTECTED]> wrote:

>Then your idea to use "'s and have only one check is probably a solution
>or we can have an extra option to specify how this "require user User1 User2 .."
> to be interpreted - as a single value or as a list of values.
I'm against yet another option, because we can't guarantee
correct behaviour if the quotes are turned off.

Better when we find a " in the line, use those as quotes.
If no " are found, then use the blanks as separators. (And this
automatically disallows usernames with blanks in them.)

>BTW, how the other apache authentication modules treat this situation?
Good question....

>If first all values are checked against the cache and then if we 
>don't find a match we go to the LDAP - this will make the 
>cache used properly - no ldap requests sent if we have cached 
>the positive result, the negative results are not cached anyway.
> I don't see negative caching.
The only advantage a negative caching would provide is (slightly) a
better handling of DOS attacks. Of course a DOS attack is still possible
when requesting user1, user2.... user99999

Of course a negative cache should have a "short" cache lifetime.
3-5 minutes or so.

André

aarboard ag
internet - networks - screen&print design - multimedia
Egliweg 10 - Postfach 214 - CH-2560 Nidau (Switzerland)
Phone +41 32 332 9714 - Fax +41 32 332 9715
www.aarboard.ch - [EMAIL PROTECTED]
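
The quoting rule proposed in this message, sketched as an added example that is not part of the original e-mail or of the Apache module's code: a name that starts with `"` runs to the closing quote, any other name ends at the next blank, so a line without quotes is split on blanks exactly as before. The function name `split_require_users`, the fixed-size buffers, and rejecting an unterminated quote or empty name instead of guessing are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAME 64

/* Split the argument of a "require user" line into user names (hypothetical
 * helper). A name starting with '"' runs to the closing '"' and may contain
 * blanks; any other name ends at the next blank. Returns the count, or -1 on
 * an unterminated quote, an empty or over-long name, or too many names. */
int split_require_users(const char *line, char names[][MAX_NAME], int max_names)
{
    int n = 0;
    const char *p = line;

    while (*p) {
        const char *start, *end;
        while (*p == ' ' || *p == '\t')
            p++;                      /* skip separators */
        if (!*p)
            break;
        if (*p == '"') {              /* quoted name: blanks are part of it */
            start = ++p;
            end = strchr(p, '"');
            if (!end)
                return -1;            /* unterminated quote: reject the line */
            p = end + 1;
        } else {                      /* bare name: ends at the next blank */
            start = p;
            while (*p && *p != ' ' && *p != '\t')
                p++;
            end = p;
        }
        if (n >= max_names || end == start || (size_t)(end - start) >= MAX_NAME)
            return -1;
        memcpy(names[n], start, (size_t)(end - start));
        names[n][end - start] = '\0';
        n++;
    }
    return n;
}

int main(void)
{
    char names[8][MAX_NAME];
    int i, n = split_require_users("\"John Doe\" alice", names, 8); /* constructed input */
    for (i = 0; i < n; i++)
        printf("[%s]\n", names[i]);
    return 0;
}
```

Without quotes, `John Doe` still yields two separate users, which is the "usernames with blanks are disallowed" consequence noted above.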
