[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] choice of web frameworks

From: Sebastian Hilbert
Subject: Re: [Gnumed-devel] choice of web frameworks
Date: Mon, 12 Jul 2010 22:01:11 +0200
User-agent: KMail/1.13.3 (Linux/2.6.33-6-desktop; KDE/4.4.5; i686; ; )

Am Montag 12 Juli 2010, 20:11:34 schrieb lkcl:
> > I am not sure I fully comprehend this. Could you please explain why a
> global
> > and a personal connection is needed ?
>  ok.  the personal connection is to do personal private secure restricted
> per-user access, yes?  roles play a part, access is denied based on the
> role.
>  so... um... when a browser connects - bearing in mind that you have
> ABSOLUTELY no prior knowledge of whether they have or have not connected
> before, if ever (because HTTP is "stateless") - under what user credentials
> are you going to connect to the database as, in order to ascertain from the
> cookie whether there is a session outstanding, when the session information
> is stored.... in the database!

>  for that purpose, you can't use any of the other personal private secure
> restricted per-user connections, can you?
>  but, until you've determined what the user is (from the session cookie),
> you can't safely decide which one of those per-user connections to actually
> use to serve the data!
>  catch-22.

I trust you on that one. 

My thoughts were like this. Couldn't one connect to the database with the 
credentials supplied (kind of global=personal)? If the connection is 
successful check for the cookie.

I hope the above is not total nonsense. 

Did you review the info about the Albatross framework ? Is it of any help ?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]