> One of the things she wanted to do was control access by login,
> I suggested a namespace reorganization & a try/except clause in
> an app-specific Publisher class, but was curious to see if people on
> this list had any better suggestions.

I think what has to be stressed is that developers can have it their way. In my first Quixote apps I located all "admin" functionality for all objects under an /admin/ namespace and thus securing the entire lot was easy (provided the security requirement was drop dead simple).

Lately I've noted that I'm more likely not to chunk up apps this way and I secure each method available individually. It's a little more work, but in many cases I like having something like this:

    /object/          [public]
    /object/rss       [public]
    /object/text      [public]
    /object/edit      [admin|owner|grantees]
    /object/delete    [admin|owner]
    ....

rather than

    /object/          [public]
    /object/rss       [public]
    /object/text      [public]
    /admin/object/
        object/edit   [admin|owner]  (and what about those grantees...?)
        object/delete [admin|owner]
    /admin/someotherobject/

Clearly the latter makes securing a whole mess of functionality really simple, but if the security needs are more complex, then the namespace-level chunking of security may not help much.

At least Quixote helps remind the developer at a key step to think about what they are doing, given that adding something to _q_exports requires we think about the implication (hey, you are potentially giving * access to this, is that what you want!). That final mental checkpoint is useful!
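
The per-method layout described in the message above, as an added stand-alone sketch (not code from the post or from Quixote; it does not import Quixote). `_q_exports` is the convention the post names; `_q_roles`, `roles_for`, `dispatch` and the two exception classes are hypothetical names for this example. An exported method with no declared policy is denied rather than treated as public.

```python
class AccessDenied(Exception):
    """Stand-in for the error a publisher would render as 403."""

class NotExported(Exception):
    """Stand-in for a traversal failure (404)."""

class ObjectUI:
    _q_exports = ["rss", "text", "edit", "delete"]
    # Hypothetical per-method policy table; None means public.
    _q_roles = {
        "rss": None,
        "text": None,
        "edit": {"admin", "owner", "grantees"},
        "delete": {"admin", "owner"},
    }

    def __init__(self, owner, grantees=()):
        self.owner = owner
        self.grantees = set(grantees)

    def roles_for(self, user, admins):
        """Roles are computed per object, so 'owner' and 'grantees' work."""
        if user is None:
            return set()
        checks = {"admin": user in admins, "owner": user == self.owner,
                  "grantees": user in self.grantees}
        return {role for role, held in checks.items() if held}

    def rss(self): return "rss"
    def text(self): return "text"
    def edit(self): return "edited"
    def delete(self): return "deleted"

def dispatch(obj, name, user, admins=frozenset()):
    """Resolve one URL component, checking export and policy before the call."""
    if name not in obj._q_exports:
        raise NotExported(name)
    if name not in obj._q_roles:
        # Fail closed: exported without a declared policy is denied, not public.
        raise AccessDenied(f"{name}: no policy declared")
    allowed = obj._q_roles[name]
    if allowed is not None and not (allowed & obj.roles_for(user, admins)):
        raise AccessDenied(f"{name}: requires one of {sorted(allowed)}")
    return getattr(obj, name)()
```
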