Understood. Sorry for the confusion. We are doing things a little
different
and more like the current sql setup. From this and others comments, I'm +1
on your propsal.
jb
-----Original Message-----
From: Craig Berry
To: 'Turbine'
Sent: 09/06/2000 4:26 PM
Subject: RE: Moving user validation into User interface from UserFactory c
lass
-----Original Message-----
From: Brekke, Jeff [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 06, 2000 12:00 PM
To: ''Turbine' '
Subject: RE: Moving user validation into User interface from UserFactory
c lass
>I'm not on site today so I can't confirm what we did, but we auth
against
>ldap and I didn't seem to think there was a problem with
>validateUser(user, pwd). The pwd is the one the user entered and the
>password you must present to LDAP, right?
The problem with UserFactory.validateUser() as written is that it
assumes that the password is retrieved during user object creation,
and available to be compared against on the client side with what
the user entered; conversely, LDAP authentication expects the
password to be sent to the LDAP server, where it will be checked
and approved or not. The password need not (and should not) be
sent to the client, encrypted or in the clear.
Moving this code into the interface User will allow each new User
class to do this "right", for any value of "right".
--
Craig Berry
GlueCode
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
------------------------------------------------------------------------
This message has been scanned for viruses with Trend Micro's Interscan VirusWall.
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
