talking about authentication , could we also think about certificate authentication ?
2014-04-05 14:55 GMT+02:00 Erik Huelsmann <[email protected]>: > Hi Chris, > > Looking at the auth code currently in login.pm and LedgerSMB.pm as well as > the exceptions in lsmb-request.pl, I'm coming to the conclusion that > LedgerSMB.pm has been coded based on the assumption that every request needs > to be authenticated against the database and that if authentication fails, > an auth popup should be returned. > > However, as it turns out, this situation causes problems when the database > doesn't actually exist, or when the application "only" wants to > authenticate, but not generate a full request series (such as the > login.pl:authenticate() function). > > I'm thinking we can resolve the issue we're seeing now by: > > * Stopping to connect to the database in LedgerSMB.pm:new() > > And instead: > > * Factor out the database connection logic > * Factor out session initialization logic (the part which is based on the > DB connection) > * Introduce a mechanism whereby a module (e.g. login.pm) can signal > one or more of its actions doesn't want a preconnected database handle > * Make database connection and session initialization explicit parts of > lsmb-request, > if the module doesn't disallow it > > This way, we can remove any implicit auto-connection to the database from > all lower level calls. > > What about it? > > -- > Bye, > > Erik. > > http://efficito.com -- Hosted accounting and ERP. > Robust and Flexible. No vendor lock-in. > > ------------------------------------------------------------------------------ > > _______________________________________________ > Ledger-smb-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel > ------------------------------------------------------------------------------ _______________________________________________ Ledger-smb-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
