Re: [Cosign-discuss] Authenticate WITHOUT the cookies?

Tue, 30 Mar 2010 04:59:52 -0700 

Andrew Mortensen wrote:
  > Unfortunately, I doubt it this is really what you want to do.
> "CosignAllowPublicAccess On" means exactly what you think it means: the
> public has access to the resource. If you use CosignAllowPublicAccess with
> an upload utility, there's nothing stopping the public red in tooth and claw
> from DoS'ing your server with uploads.
> 
> CosignAllowPublicAccess means that if the user's not already authenticated,
> mod_cosign will still let them through to the resource. If the user is
> authenticated, mod_cosign will set all the usual environment variables. This
> allows sites to display different information depending on availability of
> REMOTE_USER, rather than simply denying access without authentication.
> CosignAllowPublicAccess *will never* cause mod_cosign to redirect the user
> to log in. Most sites using this directive have a conspicuous "Log In"
> button somewhere on the page if REMOTE_USER isn't set.

This is EXACTLY what the 3rd-party vendor is hoping for, I think.  A way for
them, who have a contractual obligation for their product to work w/ CoSign for 
us, to continue to use a feature they've added SINCE the contract was 
negotiated that is incompatible w/ CoSign.

I don't know if the potential for DoS's will sway people, but I'll share that 
w/ the team before proceeding.

-- 
J.Lance Wilkinson ("Lance")             InterNet: lance.wilkin...@psu.edu
Systems Design Specialist - Lead        Phone: (814) 865-4870
Digital Library Technologies            FAX:   (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss

Reply via email to