httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <jus...@erenkrantz.com>
Subject Re: mod_access vs mod_authz_host
Date Thu, 10 Nov 2005 05:42:04 GMT
--On November 9, 2005 9:25:20 PM +0000 Nick Kew <nick@webthing.com> wrote:

>> It runs with the access_checker/auth_checker hook.
>
> That's two hooks of course, and not even contiguous.

I disagree.  Access checker and auth checker perform almost identical 
functions.  There is no reason why we couldn't replace them with only one hook.

There are only two occurrences of access_checker in our code base: the first 
is with mod_authz_host which would be fine if moved to an auth checker.  The 
other is mod_ssl which uses the hook to reject invalid cipher configuration, 
etc.

The key change Sander and I wanted to do was to remove ap_some_auth_required 
and unconditionally run both check_user_id and auth_checker hook.  The fact 
that it is conditional makes mod_authz_svn in Subversion a bit more awkward 
than necessary: it really needs to run on every request.  So, if auth_checker 
executes unconditionally, then it becomes the same as access_checker (except 
run after check_user_id).

Sander may have wanted to do more things, but that's the one that matters 
here.  This is all in the archives, I believe.  -- justin

Mime
View raw message