Jon Stevens wrote:
>
> on 1/16/01 2:58 AM, "[EMAIL PROTECTED]"
> <[EMAIL PROTECTED]> wrote:
>
> > Jon Stevens wrote:
> >>
> >> Ok, why are we passing in a User object AND a password? Shouldn't the
> >> password simply be retrieved from the User object with User.getPassword()?
> >>
> >
> > Because User.getPassword() will return null in 99% of the LDAP setups.
> > Nearly all corporate LDAP servers prevent users from reading passswords,
> > it's a write-only attribute.
>
> Right, but in the case of creation of a User, you are first populating a
> User object with information such as username, first name, last name,
> etc...then you are passing that into TurbineSecurity.addUser(). Given that
> you are the one who has populated this object, it makes sense to place the
> password in the same location as the rest of the User data and does not make
> any sense to pass it in as a separate field.
>
> I would like to change the definition of that method or create another
> method that simply takes a User object with the expectation that the
> password will be retrieved from the getPassword() method on the User object.
>
I agree that it makes sense but it may also make people easily forget that
some implementation of TurbineSecurity have to treat password fields in
a specific way.
Now given than Turbine has a DBMS bias, it's just as well to give the most
simple and understandable API for DBMS implementation users.
--
Raphaël Luta - [EMAIL PROTECTED]
Vivendi Universal Networks - Services Manager / Paris
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
