Client IP makes sense, but URL doesn't.
The purpose of the authenticator is to validate who the user
is, not if he has access to a given URL or not.
Um.. Are you saying "you don't perceive it as useful" or are you saying
"it cannot work" because they are not the same thing at *all*
It is (to me at least) tenable to suggest that if you have a tuple of
{user,password,client-ip,URL}
and you have decided you can live with the delay of an IPC to an external
auth process, the added delay to do some hash on client-ip and URL to derive
a complete "this person, *FROM THIS LOCATION* can get this data" outcome.
cheers
-George
-- George Michaelson | DSTC Pty Ltd Email: ggm@dstc.edu.au | University of Qld 4072 Phone: +61 7 3365 4310 | Australia Fax: +61 7 3365 4311 | http://www.dstc.edu.auReceived on Wed Nov 18 1998 - 16:03:29 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:09 MST