httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 60946] "Require not env" generates error
Date Fri, 31 Mar 2017 18:58:55 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=60946

--- Comment #6 from Jacob Champion <jchampion@apache.org> ---
(In reply to Philip Prindeville from comment #5)
> (In reply to Jacob Champion from comment #4)
> 
> > <idle thoughts>
> > Does part of the confusion stem from the fact that we are <RequireAny> by
> > default instead of <RequireAll>? Switching that alone might make some things
> > more intuitive.
> > </idle thoughts>
> 
> Except that when one things of traditional mandatory access controls like
> ACLs and such, you execute the rules until you get your first conclusive
> match...  which is what <RequireAny> does.

While that might be true -- and I'm not convinced that's an accurate
description of all MAC systems -- we're not using an ACL (or a MAC)
authorization system here. It's a very flexible (perhaps too flexible),
multi-paradigm system, and I would argue that you're just as likely to see
role-based authz with some of the more advanced authorization modules.

Perhaps the best thing to agree on is that any behavior might be "astonishing"
to some, and we should try to do what is least astonishing to the widest
possible range of users.

Anyway: there's a good chance that this is neither here nor there. Maybe all we
need to do is review what directives are considered neutral/success/failure in
the authz system.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message