httpd-dev mailing list archives

From Greg Stein
Subject Re: [patch] mod_access/3821
Date Sun, 21 Mar 1999 02:25:03 GMT
Cliff Skolnick wrote:
> Here's what I just finished coding :)

hehe :-)

> Now - if you need to add tons of types you will not be able to use
> mod_access controls, which is the case for any M_INVALID case now.  I don't
> think this is a problem, do you?  My thoughts are if you are adding tons of
> types - do the access checks yourself. :)  With the provision the M_UNKNOWN
> will apply to everything for safety.  So you need to allow M_UNKNOWN to do
> the checks yourself for sure.

Well, mod_access is only part, as I mentioned.

The "requires" stuff is another piece (it has a method_mask in the
require_line structure). This is probably worse than the "order" stuff
from mod_access... all the mod_auth (and digest) modules refer to the
requires stuff. eek!

There is no reasonable way for a module to perform its own access/auth
checks, without complete duplication of the other module code. So: I
would maintain that anything relying on bit masks or other
non-extensible stuff "is not good enough [in the long run]."

It may make sense to layer the authorization stuff, to accumulate all
the auth modules' method_mask stuff into a single location, before
delving into ways to extend the methods. I saw an item somewhere about
creating these layers.


Greg Stein,
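
The granularity limit discussed in this message, as an added example that is not part of the original post and not Apache source: a simplified model in which a rule stores its methods as a bitmask and every unrecognized method shares one slot, compared with a rule that lists method names. The enum values, function names and the PROPFIND/LOCK sample methods are assumptions made for illustration.

```c
/* Simplified model, not Apache source: names and numbers are constructed. */
#include <stdio.h>
#include <string.h>

enum { X_GET, X_POST, X_PUT, X_DELETE, X_UNKNOWN, X_NMETHODS };

static const char *const known[] = { "GET", "POST", "PUT", "DELETE" };

/* Map a method name to its bit index; every unrecognized method
 * collapses onto the single X_UNKNOWN slot. */
int method_number(const char *name)
{
    for (int i = 0; i < X_UNKNOWN; i++)
        if (strcmp(name, known[i]) == 0)
            return i;
    return X_UNKNOWN;
}

/* Bitmask rule: applies when the method's bit is set in the mask. */
int mask_applies(unsigned mask, const char *method)
{
    return (int)((mask >> method_number(method)) & 1u);
}

/* Name-list rule: applies only when the method string is listed. */
int list_applies(const char *const *names, int n, const char *method)
{
    for (int i = 0; i < n; i++)
        if (strcmp(names[i], method) == 0)
            return 1;
    return 0;
}

/* A mask can separate two methods only if they occupy different bits. */
int mask_can_distinguish(const char *a, const char *b)
{
    return method_number(a) != method_number(b);
}

int main(void)
{
    unsigned rule = 1u << X_UNKNOWN;            /* meant for PROPFIND only */
    const char *const only[] = { "PROPFIND" };  /* constructed sample rule */
    printf("mask: PROPFIND=%d LOCK=%d\n",
           mask_applies(rule, "PROPFIND"), mask_applies(rule, "LOCK"));
    printf("list: PROPFIND=%d LOCK=%d\n",
           list_applies(only, 1, "PROPFIND"), list_applies(only, 1, "LOCK"));
    return 0;
}
```

In this model a mask-based rule written for one extension method also covers every other unrecognized method, while the name-list rule matches only the method it names.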
