>>>>> "Randal" == Randal L Schwartz <merlyn@stonehenge.com> writes:

Randal> Consider also something like Slashdot, where the templates are loaded
Randal> from a database... I can also see that here.  Maybe state-to-class is
Randal> dynamic based on current user ID or other security parameter?  Really,
Randal> there's policy there, and it's best to let that be plugged in.

To further this, let's say I had a $big_client that needs to show a
login page if the user isn't logged in, regardless of whatever "state"
the ->get_state returns.  They can override ->get_class to simply
return the login page if not logged in, regardless of whatever state
it's asked to show, and yet the old state is preserved for a "return
to FOO link".  And then the ->get_state can be changed from hidden
fields to pathinfo without messing up the authorization section.

Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
cgi-prototype-users mailing list

Reply via email to