Michael Bell wrote:
The next issue is the access control. What controls the access (OpenCA::UI or OpenCA::Server) and what is controlled (API access or UI usage)? Questions over questions. Perhaps I will have a running server for evaluation in mid-January.

This depends. If the UI uses the API too, just the API needs access control in this sense, to guarantee security and so on...
The API needs access control anyway if no checks are behind it... The question is, if functions can be called directly without getting checked against security policy, this has to be prevented anyway.

The code has today the following structure:

1. several init stuff (perhaps without access control)
2. real operations use the following:

    $self->{api}->command ("commandName", %params_hash)

I hope that I have to execute the access control on these API commands only. The API commands perform no output operations but they do the real work. The advantage is that the parameters are already parsed. This means that we no longer have to scan for such ugly stuff like OWNER_METHOD and OWNER_ARGUMENT (which 99 percent of the people do not understand). We simply take the parameter KEY if we need it. This should ease the configuration stuff too, which is really important if we want to put it into the database.

Michael
--
_______________________________________________________________
Michael Bell                   Humboldt-Universitaet zu Berlin
Tel.: +49 (0)30-2093 2482      ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704      Unter den Linden 6
[EMAIL PROTECTED]              D-10099 Berlin
_______________________________________________________________
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
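
The design discussed in the message above, with access control enforced only at the single `command()` entry point and using the already-parsed `KEY` parameter, can be sketched as follows. This is an added example, not code from the thread or from OpenCA: the package `Demo::API`, the command names, the roles and the session layout are all hypothetical.

```perl
use strict;
use warnings;
{
    package Demo::API;    # hypothetical stand-in, not OpenCA's API class
    # Hypothetical policy: allowed roles per command, plus an optional check
    # on the already-parsed parameters. Unlisted commands are denied.
    my %POLICY = (
        viewRequest => {
            roles => [qw(user ra_operator)],
            check => sub {    # users may only view requests they own
                my ($s, %p) = @_;
                return $s->{role} eq 'ra_operator' || $s->{owns}{ $p{KEY} // '' };
            },
        },
        approveRequest => { roles => [qw(ra_operator)] },
    );

    # Command bodies do the work and print nothing. They are lexical to this
    # block, so command() is the only way to reach them.
    my %COMMANDS = (
        viewRequest    => sub { my (%p) = @_; return "request $p{KEY}" },
        approveRequest => sub { my (%p) = @_; return "approved $p{KEY}" },
        deleteRequest  => sub { my (%p) = @_; return "deleted $p{KEY}" },
    );

    sub new {
        my ($class, %session) = @_;
        return bless { session => {%session} }, $class;
    }

    sub command {
        my ($self, $name, %params) = @_;
        my $s    = $self->{session};
        my $rule = $POLICY{$name} or die "denied: no policy for $name\n";
        die "denied: role $s->{role} may not run $name\n"
            unless grep { $_ eq $s->{role} } @{ $rule->{roles} };
        die "denied: $name refused for this KEY\n"
            if $rule->{check} && !$rule->{check}->($s, %params);
        return $COMMANDS{$name}->(%params);
    }
}

# Constructed session and calls, for illustration only.
my $api = Demo::API->new(role => 'user', owns => { 1001 => 1 });
for my $call ([viewRequest => 1001], [viewRequest => 2002],
              [approveRequest => 1001], [deleteRequest => 1001]) {
    my $result = eval { $api->command($call->[0], KEY => $call->[1]) };
    print defined $result ? "ok: $result\n" : $@;
}
```

Only the first call succeeds: the second fails the `KEY` ownership check, the third fails the role check, and `deleteRequest` is refused because it has no policy entry even though a command body exists.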