checking read community in agent++
Frank Fock
Frank.Fock____t-online.de
Tue Sep 18 22:37:52 CEST 2001
Hello Paul,
Communities are often misused and they are never "safe". Communities,
from the standard point of view, associate groups (views) of objects
with
names. That's all. In AGENT++, I have chosen to include the "read" view
into the "write" view, because write access has higher privileges than
read access and most people do not want to switch between communities.
Best regards,
Frank
Paul Leonovich wrote:
>
>
> Hello guys,
>
> I did not check RFC and I hope it could be correct to check
> community of GET request to match either set read_community
> or write_community and not only read_community.
>
> But I found myself in the following situation:
> I set read community and do not care to call
> RequestList::set_write_community()
> to set write community - so it would be set to 'public' by default.
> And then any GET requests from manager with correct read community
> string AND community 'public' will succeed. I do not think it is very
> safe.
>
> I am not asking a question here I just would like to know your
> oppinion.
>
> Thanks
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.agentpp.org/pipermail/agentpp/attachments/20010918/a42390a8/attachment.htm
More information about the AGENTPP
mailing list