Hey Roja,

2008/6/9 Roja Anthony Buck <[EMAIL PROTECTED]>:
> Hi,
>
>     I am just taking a look at your framework and am mighty impressed with
> its simplicity. That said I wondered if anyone could give me a hint towards
> solving the following questions:
>
> 1) Is there any way of making the served pages valid? i.e.
> http://tinyurl.com/6hjx46 (At the moment the lack of a doc type and the use
> of ampersands breaks the pages according to the W3C)

Currently, W3C validation has been given low priority, and we perceive
it to be mostly a marketing problem. While there is certainly room for
improving our validity, which we intend to do, it will only be to the
extent that we do not compromise our support for non-compliant
browsers (such as IE6). Therefore, do not expect to get a 100% valid
response!

The pragmatic approach we took so far is to develop based on accepted
best practices (including work-arounds for browser incompatibilities),
and to test using many browsers for correctness.

> 2) Is there any framework in place for handling users? Login/Logout/Access
> Levels, or a preferred method suggested by users of wt?

I think there are many different needs and approaches.

For example, to secure access to an application you could provide a
simple static web form which posts to the application. In the
createApplication() method you can verify credentials to determine
whether a new session should be started, or whether you wish to
instead redirect the user to another static "bad login" page. This is
a simple way to protect against DoS attacks since only valid users can
start a new session. You may want to do all this through HTTPS to
protect the user/password combination, and switch to HTTP afterwards.

Within the application, you can easily differentiate access levels, by
simply not 'displaying' access to certain features. This automatically
guards against access to those features since the central controller
only allows access to 'exposed events' (a malicious user cannot 'fake'
a click to a button that is not shown).

To bind users with passwords and access levels, Wt does not provide
anything. That would probably belong in an (XML) file or database?

Regards,
koen

_______________________________________________
witty-interest mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/witty-interest
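
A stand-alone C++ model of the "exposed events" idea described in the reply above, added here as an illustration. It is not Wt code and does not use the Wt API; the names Session, Button, Level and the event ids are hypothetical. It shows the check being made on the server against the set of widgets rendered for that session, so an event id sent for a button that was never shown is dropped.

```cpp
#include <functional>
#include <map>
#include <set>
#include <string>

enum class Level { User = 0, Admin = 1 };

// Hypothetical stand-in for a server-side widget with a click handler.
struct Button {
    std::string id;                 // event id the client would send back
    Level required;                 // minimum access level needed to see it
    std::function<void()> onClick;  // server-side handler
};

class Session {
public:
    explicit Session(Level level) : level_(level) {}
    void add(const Button& b) { buttons_[b.id] = b; }
    // Rendering decides what is shown; only shown buttons become "exposed".
    void render() {
        exposed_.clear();
        for (const auto& kv : buttons_)
            if (level_ >= kv.second.required) exposed_.insert(kv.first);
    }
    // Central controller: dispatch only ids exposed in this session.
    bool dispatch(const std::string& eventId) {
        if (exposed_.count(eventId) == 0) return false;  // hidden or unknown
        buttons_.at(eventId).onClick();
        return true;
    }
private:
    Level level_;
    std::map<std::string, Button> buttons_;
    std::set<std::string> exposed_;
};

// Constructed scenario: how often the admin-only handler ran for this level.
int deletesTriggered(Level level) {
    int deletes = 0;
    Session s(level);
    s.add({"btn-refresh", Level::User, [] {}});
    s.add({"btn-delete", Level::Admin, [&deletes] { ++deletes; }});
    s.render();
    s.dispatch("btn-refresh");
    s.dispatch("btn-delete");  // for a User session this id was never exposed
    return deletes;
}
```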
