> Why do you want to re-login? To utilize permissions on the images? Yes. The theory being I could then count on ML to do authentication for me instead of making it up myself. This is all somewhat pedantic because in this case I don't really need high security for the images, just was hoping for a general solution that could be reused 'next time' when I really want security.
I propose to MarkLogic that implementing a security token mechanism in the system would be a good thing. Of course I realize it's a LOT harder to do right then to hack it. Once you open the whole can of worms about passing around pre-authenticated tokens its truely a tough security problem to solve perfectly so I can see why they haven't implemented it (yet). But on the other hand, since it is so hard to do right, it really is something that should be done by the system, not re-invented by every user, who wont do as good a job. -David ---------------------------------------- David A. Lee Senior Principal Software Engineer Epocrates, Inc. [email protected] 812-482-5224 _______________________________________________ General mailing list [email protected] http://xqzone.com/mailman/listinfo/general
