Kenneth Downs wrote:
> ....but of course we want to prevent session hijacking and forged urls
> no matter what the security mechanism, right?

I'd also like to prevent users entering something in an input field
because their "friend" tells them it's a good idea.
But since I can't control users.....

> [EMAIL PROTECTED] wrote:
>> I wonder how difficult it would be to design a functional application
>> that would work both in the shared hosting/single db user model AND a
>> dedicated server/multi user model, and would there even be a market
>> for such an app (market defined as people who would use it in both modes)
>
> Actually an Andromeda node can host any number of applications, private
> business apps and public sites both (as SDS servers in fact do), with
> multiple instances of the same apps and multiple versions of the same
> apps all running simultaneously. All database users are fully isolated
> into their individual apps.

I'm thinking more from the perspective that the Application would run on
a GoDaddy host, it will run on a Dreamhost account, and it will run on a
dedicated server.
Designed in such a way to devolve down to the single db user access
rights when that is all that is available, but will scale up to the
multi user access level when it's available.
It would mean a lot of redundant code at the application level to manage
security when the user access is lacking.
It seems to me it's better to start with an app dedicated for the shared
hosting environment and then upgrade to something like Andromeda when it
is economically justified. But it would be cool to be able to use the
same app under different security models.