Richard Gass wrote:
HI Michael,
One thing that we should start thinking about is the seperation of
"admin" level features. Since in many cases, the client is available
to all users, some features should be blocked, via user
authentication, or just seperated into another "admin client". What
do you think?
Hi Richard,
I think long term a separate admin client may be useful, so that the
user client isn't too cluttered with commands normal users won't have a
need or rights for.
I think it is important to not trust the client; to do the priv check on
the server side.
Greetings,
Michael.
