[thesite] Back to the Drawing board for UEUE?
.jeff
jeff at members.evolt.org
Mon Nov 12 00:45:12 CST 2001
martin,
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: Martin
>
> > I think that all our security paranoid, no matter how
> > justified (which I believe is valid), is causing us
> > to question heavily the possibility of a cookie-based
> > UEUE. Remember, the O'Reilly solution worked because
> > all subsite where directly controlled by O'Reilly.
> > In our case, we are planning on opening this up to
> > sites not directly under our control.
>
> I think that is the one single core stumbling block of
> a cookie solution.
>
> Unless we leave out meo of course.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
that's just the thing though. leaving out m.e.o. is *very* difficult. the
only way to do it is to do something that would render ueue almost useless
and that's to set cookies for fully-qualified domains (ie, admin.evolt.org)
instead of the evolt.org domain as a whole (.evolt.org). doing this means
there won't be any authentication cookies for m.e.o to send/receive, thereby
giving us the needed peace of mind. however, it now means that the
authentication process would have to set a cookie for *every* site that
needs to "hook in". see the difference?
thanks,
.jeff
http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/
More information about the thesite
mailing list