> -----Oorspronkelijk bericht----- > Van: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Namens Ernst Bunders > Verzonden: dinsdag 5 oktober 2004 15:16 > Aan: [EMAIL PROTECTED] > Onderwerp: RE: Extend authentication by using http request header info > > Just out of curiosity: why are you so keen on not being > locked into the web-tier, while the actual base for your > authentication is that very tier (i.e. http headers)? When > will you want to check http headers outside the web-tier? > On the other hand I agree with the general argument that the > mmbase core should not pass these specific objects within the core.
That's a good question :) The only reason for it in this case is just the fact that I'd like web tier objects to remain in the web tier. In this particular case, however, the value I retrieve from the request header are the groups a particular user belongs to (Base64 encoded). These groups can just as well be obtained by other means (although in this case that is not very likely). > > Ernst Ronald -----------------------Disclaimer------------------------- Dit bericht (met bijlagen) is met grote zorgvuldigheid samengesteld. Voor mogelijke onjuistheid en/of onvolledigheid van de hierin verstrekte informatie kan Kennisnet geen aansprakelijkheid aanvaarden, evenmin kunnen aan de inhoud van dit bericht (met bijlagen) rechten worden ontleend. De inhoud van dit bericht (met bijlagen) kan vertrouwelijke informatie bevatten en is uitsluitend bestemd voor de geadresseerde van dit bericht. Indien u niet de beoogde ontvanger van dit bericht bent, verzoekt Kennisnet u dit bericht te verwijderen, eventuele bijlagen niet te openen en wijst Kennisnet u op de onrechtmatigheid van het gebruiken, kopi�ren of verspreiden van de inhoud van dit bericht (met bijlagen). This message (with attachments) is given in good faith. Kennisnet cannot assume any responsibility for the accuracy or reliability of the information contained in this message (with attachments), nor shall the information be construed as constituting any obligation on the part of Kennisnet. The information contained in this message (with attachments) may be confidential or privileged and is only intended for the use of the named addressee. If you are not the intended recipient, you are requested by Kennisnet to delete this message (with attachments) without opening it and you are notified by Kennisnet that any disclosure, copying or distribution of the information contained in this message (with attachments) is strictly prohibited and unlawful. ----------------------------------------------------------
