"Hermann, Eckehard" wrote:
> 
> Hi all,
> 
> because of the discussion in the [EMAIL PROTECTED] list, checkCredentials seems
> to be done not in the right way in Slide. I plan to fix it in the following
> way:
> Add a new flag to the SlideToken which shows if a credentials check has
> already been done.
> Add credentials check to the HTTP Methods in the Webdav tier
> After a successful credentials check the flag in the SlideToken will be set
> to show that a credentials check has already been done.
> The helpers will just do a credentials check if the check has not been done
> before.
> 
> The result will be, if the client request comes via the HTTP Method of the
> webdav layer, the credentials will just be checked by the HTTP Methods one
> time instead of 8-10 times currently.
> 
> Comments are welcome
> 
> regards Eckehard

Hi,

Reducing the number of security/credentials checks done in the server is
an admirable goal - but I don't see how you can reduce it to a single
check (generally - though for some simpler cases this should be
straightforward, like a GET). 

For example, on a propfind depth 1 (a very common case), Slide needs to
be able to check read permissions on the URI requested, _and_ separately
on all the resources which are children of this URI. Allowing reads on
the parent URI but not the children (or on only some of the children) is
actually a common usage which is often relied on. However, it should be
possible to not require additional checks of the SAME resource/action
pair within a single request - but it doesn't sound like what you've
suggested does that. 

Michael
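
The difference discussed in this thread, as an added example that is not part of either message and is not Slide's own code: a single per-token flag (as the reply reads the proposal) next to a per-request cache keyed on the (resource, action) pair, run over a PROPFIND depth 1 target list. All class names, URIs and grants are hypothetical and constructed for illustration.

```java
import java.util.*;

// Added illustration; these names are hypothetical and not Slide's API.
public class RequestScopedAclCache {
    record Check(String uri, String action) {}

    // Constructed ACL: read is granted on the collection and one child only.
    static final Set<Check> GRANTS = Set.of(
        new Check("/files", "read"), new Check("/files/public.txt", "read"));

    // Stand-in for the permission lookup that the helpers repeat.
    static boolean storeAllows(Check c) { return GRANTS.contains(c); }

    // One flag per token, set after the first successful check.
    static class FlagToken {
        boolean checked;
        boolean allowed(Check c) {
            if (checked) return true; // later resources are never evaluated
            checked = storeAllows(c);
            return checked;
        }
    }

    // Decisions remembered per (resource, action) pair for one request.
    static class CachingToken {
        final Map<Check, Boolean> decisions = new HashMap<>();
        int lookups;
        boolean allowed(Check c) {
            return decisions.computeIfAbsent(c, k -> { lookups++; return storeAllows(k); });
        }
    }

    public static void main(String[] args) {
        // Constructed PROPFIND depth 1 target list: the collection and its children.
        List<String> uris = List.of("/files", "/files/public.txt", "/files/private.txt");
        FlagToken flag = new FlagToken();
        CachingToken cache = new CachingToken();
        for (String uri : uris) {
            Check c = new Check(uri, "read");
            boolean viaFlag = flag.allowed(c);
            boolean viaCache = cache.allowed(c);
            cache.allowed(c); // a helper re-checking the same pair hits the cache
            System.out.printf("%-20s flag=%-5b cache=%b%n", uri, viaFlag, viaCache);
        }
        System.out.println("store lookups via cache: " + cache.lookups);
    }
}
```

Once the collection check succeeds, the flag-based token reports the ungranted child as readable, while the per-pair cache still denies it and performs one store lookup per distinct pair despite the repeated calls.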
