Once you supply the credentials to enter the realm, you're in. As long as you stay in (under?) that hierarchy there is no further checking of credentials. If you protect mysite/, then anyone who get's admitted to mysite/ can also see mysite/secretstuff/ and mysite/secretstuff/evenmoresecret/, etc., without further checking of credentials. So, I believe the strategy you outlined works.
--dave Lisle Technology Partners, LLC phone: (630) 353-1900 x15 650 Warrenville Rd., Suite 100 mail: mailto:[EMAIL PROTECTED] Lisle, IL 60532 web: http://www.lisletech.com/ > -----Original Message----- > From: Paul Spencer [mailto:[EMAIL PROTECTED]] > Sent: Friday, November 02, 2001 4:31 AM > To: Jetspeed Users List > Subject: Re: Can't seem to use > myusername:[EMAIL PROTECTED] url > > > The hole I see in the intended implementation. We are not > maintaining a > session with the web server, nor are we rewriting any links in the > returned page with the user information. This means any link returned > by the page will have NO user information, so clicking the > link will be > seen by the web server as a request from an anonymous user. > > Is this a problem? > > Paul Spencer > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
