durusmail: quixote-users: Call for applications
Call for applications
2002-08-30
Andrew Kuchling
2002-08-30
Titus Brown
2002-08-30
Patrick K. O'Brien
2002-09-04
Andrew Kuchling
2002-09-04
Greg Ward
2002-09-04
Neil Schemenauer
2002-09-04
Mike Watkins
2002-09-05
Greg Ward
2002-09-04
Neil Schemenauer
2002-09-04
Jonathan Corbet
2002-09-04
Greg Ward
2002-09-04
Titus Brown
2002-09-04
Jonathan Corbet
2002-09-04
Titus Brown
2002-09-04
Jonathan Corbet
2002-09-04
Andrew Kuchling
Adding access control code (was Re: Call for applications)
2002-09-04
Greg Ward
2002-09-04
Patrick K. O'Brien
Re: query string handling
2002-09-04
Andrew Kuchling
2002-08-30
Patrick K. O'Brien
Call for applications
Greg Ward
2002-09-04
On 04 September 2002, Jonathan Corbet said:
> Regarding Greg's thoughts on user authentication: if request.session.user
> changes, I could end up with (another) cleanup job to do.  Best to do that
> before 1.0 if you're going to - or wait for 2.0.

My thinking is to make any backwards incompatibility there purely
theoretical -- ie. right now Quixote makes no demands on what you put in
session.user, and that wouldn't change.  It might *expect* to find an
instance of some new Quixote-provided User class, but I would try fairly
hard to make Not A Big Deal if apps don't play along with the new rules.

The session management changes with 0.5 were somewhat painful because
there was an existing session API that needed repair.  Introducing an
access control API should be much smoother, because there's nothing
there to speak of now.

        Greg
--
Greg Ward - software developer                gward@mems-exchange.org
MEMS Exchange                            http://www.mems-exchange.org
reply