HOME Community Articles Code Library People Mail Archive My Account Contribute PHP Jobs

Open Source Database Feature Comparison Matrix Try Declarative Programming with Annotations and Aspects Locate All Stored Procedures and Their Objects/SQL Tables Building a Stored Procedure Generator Making Tables Read-only in Oracle

24-hour Support Daily Backup Dedicated Servers JSP/Java Servlets PHP MySQL Streaming Audio/Video Telnet/SSH Unix Hosting 24-hour Support

From: giancarlo pinerolo (giancarlo <email protected>)
Date: 07/13/01

• Next message: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
• Previous message: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
• In reply to: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
• Next in thread: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
• Reply: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
• Reply: giancarlo pinerolo: "Re: [phplib] login page help: My conclusion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I think the docu doesn't explain too clearly what default authentication
means.

Without it, the logic of your application can go no further than what
you'd accomplish with a normal Yes/No authorization scheme, no more than
what you can obtain with .htaccess/.htpasswd files and a careful
disposition of documents within .htacces-protected directories.

The problem with default authentication is that, once you adopt it, your
programming changes, because you cannot rely opn simply including 'user'
and 'auth' o tob, but you need to check if the visitor is 'nobody' or
someone logged in, whenever you use it. Only that.

But this influences all your scripts, and if you get it right from the
beginning (default authentication On), you're ok forever, if you
understand it late, you have to change all your scripts.

That's why I'd had set it as the default, and had created an
Example_Auth that already had default authentication in in, and had
explained in the doc that, if you don't mind having the possibility to
check if someone is authenticated or not, you could use another
Example_Resticted_Auth that enforced a Yes/No scheme, where only
authenticated user could go, like what you can get with
.htaccess/.htpasswd settings

Giancarlo

I myself wrote:
>
> In fact preauth bypasses all permission check, unless you set ther
> $auth->auth[perm] value in it.
> You cannot rely on things like
>
> $perms->check("user") or $perms->check("admin")
>
> after it, if you don't set that.
>
> Deafult authhentication
>
> This is a great feature, not a fake authentication as it may sound.
>
> If, at any point, you want to check (only check, not force him to login)
> if the actual visitor is logged in or not, and conditionally show him
> some personalized component or not, you can do it only with default
> authentication.
>
> I dunno way the didn't make it the default.

-- 
Abbestellen mit Mail an:   phplib-unsubscribe <email protected>
Kommandoliste mit Mail an: phplib-help <email protected>

• Next message: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
• Previous message: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
• In reply to: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
• Next in thread: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
• Reply: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
• Reply: giancarlo pinerolo: "Re: [phplib] login page help: My conclusion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]