[plt-scheme] Looking for a security consultant with PLT web server experience

From: YC (yinso.chen at gmail.com)
Date: Mon Oct 5 16:37:23 EDT 2009

On Mon, Oct 5, 2009 at 4:44 AM, Jay McCarthy <jay.mccarthy at gmail.com> wrote:

> This, in general, is the method I advise. However, the comment that
> "This doesn't allow people to, say, email URLs to one another." is not
> exactly true even when you aren't using the URL dispatcher. The
> continuation will always be invoked, but if there is extra
> authentication then it will perform that before doing work. When the
> authentication isn't there, it doesn't need to just error; it can
> request authentication and then resume the previous user's computation
> if it is appropriate. (For example, if the previous continuation was
> changing the password, then new authentication doesn't allow it, but
> if it is looking at a paper review, then the new authentication would
> consult the ACL to decide if the paper review should be displayed and
> maybe it can.)
>
> Jay -

This is interesting - do you need to write your own dispatcher to make this
work? Also - does it work with form-based auth?

Thanks,
yc

Posted on the users mailing list.
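
The behaviour described in the quoted reply (the continuation URL is always invoked, but authentication and an ACL check decide whether the stored work runs), as an added example that is not part of the thread. It is a plain-Racket model that does not use the PLT web server's API, and every name in it (k-entry, register-k!, resume, acl) is hypothetical.

```racket
#lang racket
;; Added illustration: models the authorization decision only.
;; Nothing here is the PLT web server's own API; all names are hypothetical.

;; A stored continuation: who created it, which policy guards it, the work.
(struct k-entry (owner policy thunk))

;; Constructed sample ACL: resource -> users allowed to view it.
(define acl (hash 'review-42 '("alice" "bob")))

;; Continuation id (the part that travels in the URL) -> k-entry.
(define k-table (make-hash))

(define (register-k! id owner policy thunk)
  (hash-set! k-table id (k-entry owner policy thunk)))

;; policy is either 'owner-only or (list 'acl resource).
(define (allowed? user entry)
  (match (k-entry-policy entry)
    ['owner-only (equal? user (k-entry-owner entry))]
    [(list 'acl resource)
     (and (member user (hash-ref acl resource '())) #t)]))

;; The URL is always dispatched to its continuation, but the check runs
;; before any stored work. A missing session asks for login and keeps the
;; id so the same decision is retried afterwards.
(define (resume id session-user)
  (define entry (hash-ref k-table id #f))
  (cond
    [(not entry) 'expired]
    [(not session-user) (list 'login-then-retry id)]
    [(allowed? session-user entry) ((k-entry-thunk entry))]
    [else 'forbidden]))

;; Sensitive step: only the user who started it may finish it.
(register-k! "k1" "alice" 'owner-only (lambda () "password changed"))
;; Shareable step: anyone on the review's ACL may view it.
(register-k! "k2" "alice" '(acl review-42) (lambda () "review text"))

(resume "k2" #f)       ; emailed URL opened with no session
(resume "k2" "bob")    ; recipient logs in and is on the ACL
(resume "k2" "carol")  ; recipient logs in but is not on the ACL
(resume "k1" "bob")    ; password-change URL opened by another user
(resume "k1" "alice")  ; original user resumes her own computation
```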