Menu
▾
▴
Re: [Exist-development] security refactoring
|
From: Dmitriy S. <sha...@gm...> - 2010-07-22 09:10:38
|
On Thu, 2010-07-22 at 09:36 +0100, Adam Retter wrote: > >> How is this any different to the current 'guest' user? > > > > Current "guest" account can be used by user (authenticate), I do miss > > something before user introduce oneself. This account should not be > > allowed to create anything @database, but only limited read permissions. > > Sure but this problem is really due to the default permission on /db. > Arguably you just need to tighten these up and then the guest user > would be fine. We are talking different things here. You are on authorization side & I'm on authentication one. Personally, I don't like default account & role for permissions (default mask is ok), the user must introduce oneself or we have security hole. (linux security system don't allow this, you have to authenticate first) -- Cheers, Dmitriy Shabanov |