Re: [Phplib-users] on auth
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] on auth
|
From: Chris J. <ch...@ch...> - 2002-09-25 03:26:14
|
On Wed, Sep 25, 2002 at 12:34:46AM +0200, Giancarlo wrote: > May I recall Kristian Kohentopp's comments about actual auth oddities? > http://sourceforge.net/mailarchive/forum.php?thread_id=875358&forum_id=808 > > <snip> > > >- what is > > the use of the auth['uid']='form' status, if not better > > security? > > Koehntopp PHPLIB was programmed with interstitial (blocking) > authentication in mind. The state machine is > really only useful > for that, and little else. Default Auth and > auth_preauth() were added as an afterthought in Koehntopp PHPLIB, and are > really cluttering up the Auth process. > The whole thing should be redesigned, and using a > sidebar login and default authentication as the main model, as > this is much more common and useful than the original interstitial auth. > > </snip> > > > Has anyone tried my new auth at > http://sourceforge.net/tracker/index.php?func=detail&aid=561500&group_id=31885&atid=403613 > > Sorry to insist anyway, but that would solve many problems, and is perfectly > compatible. > > Gian I have not tried your new auth, Gian. If it implements Kristian's suggestion for the redesigned Auth process for sidebar and default authentication, then I think it would be great to offer PHPLIB users the choice of the old, interstitial (blocking) Auth method, and your new default Auth method. I currently have a large application which uses the old blocking Auth method and it is the right thing for that application -- all users must be authenticated and there are no default facilities. But the default auth model is more common, as Kristian pointed out above. -- ..chris |
