cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Niclas Hedhman <nic...@localbar.com>
Subject Re: extensions in public URIs [was: RE: Variations on a theme by Cocoon]
Date Thu, 17 Feb 2000 10:02:58 GMT
Ben Laurie wrote:

> The issue is that if I want some particular subset of URLs to be served
> by a particular Cocoon processing chain, but _also_ have, say,
> restricted access, I have to ensure that the Cocoon and Apache configs
> match exactly. This is difficult and risky. The simple fix is to allow
> (but not require) the sitemap to match on handler (or environment
> variables, which can also be set in a variety of circumstances in
> Apache), then the sysadmin can choose which approach to take. If you
> also (optionally) allow the source file to be the result of Apache doing
> the URL translation (which is available in the environment), then the
> problem is solved without compromising the generality of sitemaps.

I understand your point of view...

But are you not taking ths from the wrong angle??

User restrictions should be in the URI space, not file space.
Apache has some concerns regarding this supporting both <Location> (URI) and
<Directory> (Filesystem). That seems to stem from various OS related security
issues (symbolic links for instance), and are not web-centric.

So if you put that aside, and look from a PURE URI space, and restrict that,
Apache will handle the user authentication on behalf of Cocoon (using
<Location>).

I can't see how you could end up with mismatching URI spaces, since that is the
root/pure definition of all resources.

Niclas


Mime
View raw message