Em Terça 13 Junho 2006 13:44, Alberto Valverde escreveu: > > WARNING: Some self-promotion follows... > > Well, you might be interested in an alternative identity/ > authorization library I'm using in my apps. It's based on Paste's > middleware for authentication (which provides HTTP Basic and Digest > auth.) and PEAK security for authorization. > > It's designed from ground-up to be lightweight and EXTREMELY flexible > (thanks to middleware and generic functions). > > If you want to take a peek it's SVN is at http://svn.toscat.net/ > TurboPeakSecurity. Feel free to ask any questions you might have. > > Alberto > > P.S. As soon as I have the time I plan to document it and incorporate > it into TG's "projects" repository. Ahhh, time, precious time....
Alberto, I'm more interested on "mixing" database and application security. By that I mean that I want to show/hide things and allow access to certain parts of the application in it, but I also want to be able to use existing database definitions (read: GRANT/REVOKE definitions per user/group/object inside the database) to control database interaction. Today we have one connection stablished with a certain user and if your database supports it you can change the user ID and count with database security kicking in. I won't worry nor care about databases that doesn't support this -- even though one could stablish a new connection for each access to the database to achieve the same thing... -- but today if we don't manually do that, it won't be done. Do you have plans to support something like this in your implementation? Demanding that every user in the application is also a user in the database is perfectly fine to me (even though some mapping might be used as well...). Be seeing you, -- Jorge Godoy <[EMAIL PROTECTED]> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears -~----------~----~----~----~------~----~------~--~---
