Access control

[Steven Cummings <cu...@netscape.net>]

I know access control has already been discussed on this list before, but I want to ask what the best strategy would probably be for adding it on my own. 

It seems to me that if you just implement access control at the application layer, a programmer could still remotely access your data db instance over http if he or she knows the port number. So I was thinking along the lines of somehow controlling the http access or the services that are obtained from collection objects so that they require credentials to be passed. Perhaps this isn't the best approach (that is why I'm asking! >8)

I also notice that under the system collection there are subcollections SystemGroups, SystemUsers, and SystemAccess (and others). Can I place documents in these describing access control and if so will Xindice actually enforce my access control rules? I see in the API-docs that there is a security package. Does THAT have anything to do with this? I couldn't find anything about this in documentation nor the mailing list archives. Thanks for any help.

/S

-- 
Steven Cummings <cu...@netscape.net>
Columbia, MO



__________________________________________________________________
Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/