Hmm.. well, one of the problems I remember with our proxy is that it's
pretty open ..
Having a (cryptographically verifiable) viewer would partially solve
this problem when we only allow requests with valid tokens to retrieve
content through the proxy, right? (There are scenarios conceivable
where this could be bypassed, but that would take a rather complex
mechanism.) Hence my wondering about it being passed or not :)
-- Chris
On Apr 16, 2008, at 7:49 PM, Kevin Brown wrote:
The security token is only passed if authz is "signed" or
"authenticated".
It doesn't make sense to pass it otherwise.