Re: [Perlplusplugin-developers] authorization?
Status: Beta
Brought to you by:
fholtry
Menu
▾
▴
Re: [Perlplusplugin-developers] authorization?
|
From: Steve L. <so...@le...> - 2000-09-13 14:24:18
|
Dmi...@pl... wrote: > > Hi! > > During my code digging with the plugin, I disabled the authorization > feature (just to make my work simplier). But from my point of view, this > part is not necessary at all - of course, protection is a tough problem, > but I don't think it should be solved like this. I would suggest rather > java-like protection, when no local operations are permitted ( > feasuble with -T and/or use Opcode). And, the additional security > settings would be accessible for locally - like, MSIE does, assigning > different site groups to the different security groups. > > What would you say if I try to implement this scheme instead of > cgi-authorization? The reason I want to do this hard way is that I > would like to re-write both win32 and X parts, merging the code from > both platforms. Besides CGI authorization, Frank already has opcode restrictions - in fact the cgi program is responsible for assigning the opcode security level! The problem appears to be that to do anything useful in Tk you need to allow many of the "evil" opcodes..... Steve |
