On Oct 27, 2005, at 2:49 AM GMT-04:00, Ian Joyner wrote:
 But what if some hacker (sic)

Do you mean malicious programmer?

Anyway, I think I have found the answer in Chapter 6, p 140 on delegates, that the session object is a delegate of EODistributionContext and these delegate methods are called to check security before operations are allowed on the server side. These return false if the user is not logged in, which can be in a parent class of session and then in a subclass provide more fine-grained access control for checking CRED operations.

Has anyone else implemented such a JC security scheme? Does this sound like the right way to go?

Apple's JCAuthentication.framework has a shared object (AuthenticationInfo) that contains the user credentials. This can be checked from both the server and client side to validate a user. I've created a modified version of JCAuthentication that supports Groups and does checking on both the server and client side before running operations. You can probably do the same with relatively little programming.

Jaime