On Wed, Apr 16, 2008 at 11:00 AM, Chris Chabot <[EMAIL PROTECTED]> wrote:
> Hmm.. well one of the problems i remember of our proxy is that it's pretty
> open ..

That'd only be true for the open proxy, which isn't used by makeRequest. The open proxy is there for things like images.

>
> Having a (cryptographically verifiable) viewer, would partially solve this
> problem when we only allow requests with valid tokens to retrieve content
> through the proxy right? (there are scenarios conceivable where this could
> be bypassed but that would take a rather complex mechanism). Hence my
> wondering about it being passed or not :)
>
> -- Chris
>
>
> On Apr 16, 2008, at 7:49 PM, Kevin Brown wrote:
> > The security token is only passed if authz is "signed" or
> > "authenticated".
> > It doesn't make sense to pass it otherwise.
> >
>
>

--
~Kevin

