Re: Security: authorization

Mhh, ok just to avoid confusions here: - Pier does not provide a security framework from out of the box. If you need security -- you probably do if you want to run it in public, you need to load one. - There are currently two independent security frameworks available (you probably shouldn't have both at the same time in your image): - Philippe build an ACL based one, that is around for quite a while now and that provides a lot of nice features. Maybe he can explain himself about the features, advantages, and on how to install and use it. - I build a small security model being very similar to the one of Unix. Every structure gets a collection of executable commands for the Owner, the Group and the Others. There is a set of commands to (recursively) change owner, group and modes (similar to chown, chgrp, and chmod). Users and groups cannot be managed trough the web right now, but that will be improved. There is no inheritance. It is very simple from implementation point of view, only a couple of classes and it also works perfectly with OmniBrowser. Load it from http:// mc.lukas-renggli.ch/pier. In the Unix Security framework it is currently only possible to add users and groups trough an inspector within the image. Users and groups are global. As far as I know this is different in Philippe's security system. No, logging into Seaside (/seaside/config) is a completely different story. This is just to manage the Seaside applications. Unix Security: per-page basis, not inherited, new children copy the permission of the parent, default username/password is admin/pier, no overrides ACL Security: Philippe? This is Philippe's code, I don't know. Ask him. Lukas -- Lukas Renggli http://www.lukas-renggli.ch