From: Paul <pa...@qu...> - 2007-09-08 20:47:43
|
> > > > Paul > > Take a look at the Tokens API proposal I sent to mailing list (also > listed in bug #8344). The changes I am making there are to be used > with > a change to the Auth API that will allow pages to require > re-authentication before continuing. This sort of process could easily > be extended to also require re-authentication with an account of a > certain access level or higher to continue, which could easily take > care > of what I think you're wanting to do here. Just trying to suugest a > process that will simplify and or reduce the implementation of your > changes. > > But anyways, I think most of what you are looking at doing is a good > idea, and I agree with the need for them as well. > > Cheers John, I think what you are proposing is somewhat separate. For the sake of argument, at the moment, we use access_ensure_global_level ( level ) to ensure that a user is logged in, and if not to display a logon page. What i'd expect, is that your changes for 8336 would change that function to "Access_ensure_global_level ( level, user_requires_valid_logon_for_this_task = true). At the moment, we propose users to delete the /admin dir as we do not access checking. This is dangerous as - well, what happens if to users hit the upgrade page at the same time before the main admin and you've got 2 people running install.php concurrently (I don't even want to go thinking about that..) So from that point of view, unless you are doing something really strange, I don't see a major issue here. --- In terms of token API, i'm not sure it's a problem that token_add is the only way to acquire an ID -> The original thinking was to provide a temporary storage e.g. for redirects. At the point you add a token, you get an ID. The assumption being that the php would pass the ID on in some way and that after that the only thing you'd want to do is retrieve some information based on that ID. However, I would agree that the row change should probably be done, and that it might be worth making it more usable. It's worth noting with your 2nd point that tokens currently expire after 24 hours. In terms of the 3rd point, i'd be against a move into core.php - there's no point running the purge for every page load. There's probably an argument that says it should be run once for each page that utilises the token retrieval functionality. Do tidy up the tokens API as you describe, however i'm going to open up a can of worms now: In terms of the reauthentication stuff - A question: Are we using the token API to do what a 'SESSION' should do ? PHP has Session support and session_set_save_handler - why do we not use sessions ? We could provide a session_set_save_handler that provides database storage in the current mantis db and allow users to override that with their own session handler. A busy site that needed to cut back on DB load could use sqllite/memcached or whatever to provide the session support and remove a few DB queries. A quiet site could just dump the information in the database. And i'm guessing the use of sessions would have other benefits to us ? Paul |