[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security/authentication requirements for 1.3

Subject: Security/authentication requirements for 1.3
From: "Chris Travers" <..hidden..>
Date: Thu, 1 Nov 2007 14:16:04 -0700

Hi all;

Since we decided to go with HTTP authentication for 1.3, we have run
into situations where existing functionality in session timeout cannot
be safely maintained.  I guess I would suggest the following couses of
action for 1.3:

1)  Offer a basic HTTP Auth module which has the following behavior
when a session times out:
   a)  Display a warning that discretionary locks have been released and
   b)  Create a new session.

2)  Offer a cookie-based auth system which requires re-authentication
when the session expires.

Any objection to this direction?

Best Wishes,
Chris Travers

Follow-Ups:
- Re: Security/authentication requirements for 1.3
  - From: John Locke

Prev by Date: Re: batch import and export (CSV)
Next by Date: Re: Security/authentication requirements for 1.3
Previous by thread: Assembly breakdown.
Next by thread: Re: Security/authentication requirements for 1.3
Index(es):
- Date
- Thread