On Wed, Jul 05, 2006 at 05:08:42PM -0400, Sam Varshavchik wrote: > >BUT there then should be some kind of mechanism to limit/deny specific > >user based on IP address (and maybe some other criteria). > > If you start chasing every kind of marginal situation that someone dreams > up, thing will quickly spiral downhill. > > I happen to have some knowledge of things that go on inside the corporate > networks of 800 lb. corporate gorillas. Literally billions of dollars in > financial transactions move every day. Now, I can tell you that one of the > things they do NOT do, as far as remote access from employees, is have some > kind of stupid IP-based restrictions.
However, I think it's fair to say that policies which apply to a bank may be stupid when applied to an ISP or a school or a small business, and vice versa. If there's one thing I've learned, it's to try not to say outright "what you want to do is stupid". You can engage with the other party, try to understand what they're trying to do and why, and propose other solutions which may be better (but be prepared to have explained back to you why those alternatives have been considered and discarded). Good software can be moulded to fit the user, rather than vice versa. Courier inherits the qmail model of "lots of small bits which can be fitted together in new and interesting ways"; and "drive things by environment variables, so if you change an environment variable in one module, it can control the behaviour of another". This is one way of going for this flexibility. Indeed, the old pre-authdaemon model where the auth modules were run as executables was very flexible. But IMO the authdaemon protocol has become an information bottleneck which has removed some of this flexibility. As for "spiralling downhill": I think it's more a question of keeping options open. If you end up adding code for specific features, then once in a while it's worth having a review to see if there's a simpler, more general-purpose mechanism which can replace them. Regards, Brian. Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
