Ronald Wildenberg wrote: > Well, my security implementation is capable of delivering an > anonymous cloud, but only on conditions I determine. If an explicit > request for an anonymous cloud comes in, I have no way to check > where it came from, who this user is that requests a cloud and > I'm not very inclined to give this user any access, since it seems > like an attempt to bypass the authentication implementation, even > if it is a request for an anonymous cloud. >
I think that if there are any conditions, that the cloud is not 'anonymous' any more then. So, I suggest you simply deny everything to anonymous, if you want that. > > This works great, but besides this mechanism I still must > implement a way to provide MMBase an anonymous cloud now and then. > I could make this cloud equal to the anonymous cloud I produce > myself if no request information is available, but why is this > step necessary at all? I already have an authentication module > that covers all authentication attempts. Anyhow I do tend to agree that the code in this aspect is overly complex and that perhaps this stuff with anonymous is a bit silly. I do not completely understand why it is a problem though. I have no time now to do something about it. Perhaps we can look into this as a part of the 'optimization' project. If you have an concrete proposal on what to change, that that is welcome. The big problem is perhaps not the code, however, but testing if it indeed does not cause any troubles with other security implemetnation and sites. Michiel -- Michiel Meeuwissen mihxil' Mediacentrum 140 H'sum [] () +31 (0)35 6772979 nl_NL eo_XX en_US _______________________________________________ Developers mailing list [email protected] http://lists.mmbase.org/mailman/listinfo/developers
