httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fab...@apache.org
Subject Re: [VOTE] access control for dynamic hosts
Date Thu, 24 Mar 2016 14:52:13 GMT

Hello Yann,

> I guess this question is for me, not the doc :)

Yep!

> [...] So, finally, mentioning that *any* ip/host-based authz should be 
> combined with other authz/authn (SSL certificates, credentials schemes, 
> ...) for stronger requirements may be the way to go.

I agree that combining authz is the way to go, esp. with sensitive 
applications which are more and more hosted outside of organizations, or 
even provided as SaaS.

I'm not sure of a good place to discuss authorization policies in general 
in the documentation though.

> Or maybe simply not change the doc since all this might be quite obvious...

I would be fine with this solution:-)

-- 
Fabien.

Mime
View raw message