On Jun 16, 2:48 pm, Martin Budden <[email protected]> wrote: > a (perhaps) stupid question
I thought we all agreed a long time ago that there are no stupid questions? > Why do you call the policy constraint "accept"? You call the > constraint "accept", and validate if it is not set. > > Why not call the policy constraint "validate", and only validate when it is > set? Basically because: * We are theoretically able to enumerate those users for who we think content should be _accept_ without validation. Martin and Chris get their content through without change, everyone else (the infinite list of everyone else) gets their content validated. Or ANY user which is authenticated gets their content through without validation, the infinite unknowable everyone else does not. * Where we can enumerate both those users that don't need validation, and those that do, it is presumed safer to whitelist rather than blacklist, as with blacklisting, the risk from making a mistake in the list is higher: damage is done to content. If I fail to include Martin in the whitelist, the only thing that happens is that Martin can't do what he wants to do, but the integrity of the system is maintained. That make sense? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TiddlyWikiDev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/TiddlyWikiDev?hl=en -~----------~----~----~----~------~----~------~--~---
