tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ru...@us.ibm.com
Subject Re: Short Term Plan: Add Security Management Capabilities to Tomcat
Date Sat, 16 Oct 1999 19:35:16 GMT



> ... Actually how about turning that a bit inside out and ...

Any good DBA would tell you that neither is in fourth normal form, with the
correct form being more like the following:

    <tomcatpasswd>
      <user name="duncan" password="32kalkf902"/>
      <user name="craigmcc" password="23asdfjask2"/>
      <user name="costin" password="659asdfk39"/>

      <role name="pmc"/>
      <role name="committer"/>

      <auth user="duncan" role="pmc"/>
      <auth user="craigmcc" role="pmc"/>
      <auth user="duncan" role="committer"/>
      <auth user="cragmcc" role="committer"/>
      <auth user="costin" role="committer"/>
    </tomcatpasswd>

Note: while I'm saying this with a little tounge in cheek, there is a bit of a
point to the exercise.  Take a look at the three representations and figure out
how much work (using whatever units of measure you like) would be required to
delete user duncan.  One could make a similar observation about the amount of
effort required to remove a role, but intuitively this is a less frequent
operation.  For this reason, given the choice between the first two
alternatives, I would prefer the former (users containing roles).



Mime
View raw message