httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <bnicho...@novell.com>
Subject Re: AuthzMergeRules blocks everything in default configuration
Date Fri, 05 Dec 2008 14:44:43 GMT
>>> On 12/4/2008 at 1:30 PM, in message <49383DD6.1020200@pearsoncmg.com>, Chris
Darroch <chrisd@pearsoncmg.com> wrote:
> Hi --
> 
> Eric Covener wrote:
> 
>> I had meant iif containers are used, I'd like their name to
>> communicate the "require" or "reject" part while the authz providers
>> would be "match"-like (because the Require on the inside is confusing
>> when surrounted by all the variations)
> 
>    Yes, I thought that was a good point; my further thought was that
> the container names can't imply require/reject either though, because
> they can be nested and so their meaning can be inverted if they're
> contained in a negated context.
> 
> 
> Roy T. Fielding wrote:
> 
>> But we are already using *Match all over the place to indicate the
>> use of regex matching. :(
> 
>    These are good points; I hadn't thought of the "overlap" with
> LocationMatch and friends.
> 
>    A lot of the other obvious access-control-related words and terms
> are also already in use, especially for older authorization directives
> (e.g., Allow, Deny, Order, Limit, Require, Satisfy, etc.)  In order
> to avoid confusion, we should probably stay away from all of these too.
> 
>    Perhaps something like Check or Test would suffice, maybe prefixed
> with Authz?  Hopefully someone else has a good idea, or at least
> stronger opinions.  :-)
> 

I think prefixing it with Authz probably makes more sense.

Brad



Mime
View raw message