Frank Boehme wrote:

> It seems that one problem remains to be dealt with: How do I prevent
> the users from changing/destroying the admin site? After all, they are
> in the administrators group. Midgard will hardly bother about the fact
> that the authentication came from a separate db, or am I wrong? I could,
> of course, create all host entries first and then freeze the page db on
> mysql level (grant tables). Or am I missing something?

That's the nice thing of the pagedatabase: they can't even _see_ the admin
site beyond the page that they're currently using, much less change it.
The host matching and style collection is done from the page database,
but the connection is switched over to the 'main' database just before
authentication. From that point on, _no_ access to the pagedatabase is
available, no matter who you're logged in as.

That's exactly the downside to using the pagedb: everything you're going
to use in a page needs to be in style elements or page elements. Page blobs
get served automatically, but you can't serve other blobs from a pagedb
application for example, since while the page is executing you have no
access to the database that holds them. Likewise, some of the data in the
$midgard object (like the page and the host id) will refer to objects
that are not accessible during the page execution. Stuff like mgd_list_pages
to create automatic navigation is gone. Asgard uses these features quite a
lot. Snippets are the only exception: snippets get fetched from the page
database (if any was specified).

The admin and framed admin are mostly 'static' applications with navigation
links and the like hardcoded, which is why they work.

To make changes to the admin site itself, BTW, you would have a host like:

<VirtualHost _default_:*>
ServerName root.yourdomain.com
MidgardDatabase adminsite commonuser commonpass
</VirtualHost>

This would grant access to the admin site itself with the user matched against
the account list in the adminsite database. Not something you'd give general
access to of course.

Emile
