On 27/02/2013 10:54 a.m., Kinkie wrote:
May I chime in? While I'm not an expert too, why can't we have the best of both worlds without even letting the cache admin know? This could be as simple as having some code which detects if the config has changed from the "deny all" default and enters the ACL checking code path only if it is so.. there'd be a negligible overhead in the uncommon case, and just a bit of unused code carried around in the common case..
That is what we should have now for all ACL checklists. A NULL check against the configured ACL tree, with some hard-coded default action if there is nothing configured.
Amos
