[plt-scheme] Looking for a security consultant with PLT web server experience

From: Jay McCarthy (jay.mccarthy at gmail.com)
Date: Mon Oct 5 17:05:10 EDT 2009

You would not need your own dispatcher, and it works with all auth.


(define current-user ...)


(define prev-user (current-user))
(define unauthed-req (send/suspend ...))
(if (has-authenticator? unauthed-req prev-user)
       [(equal? prev-user (current-user))
       [(has-access? (current-user) continue)


On Mon, Oct 5, 2009 at 2:37 PM, YC <yinso.chen at gmail.com> wrote:
> On Mon, Oct 5, 2009 at 4:44 AM, Jay McCarthy <jay.mccarthy at gmail.com> wrote:
>> This, in general, is the method I advise. However, the comment that
>> "This doesn't allow people to, say, email URLs to one another." is not
>> exactly true even when you aren't using the URL dispatcher. The
>> continuation will always be invoked, but if there is extra
>> authentication then it will perform that before doing work. When the
>> authentication isn't there, it doesn't need to just error; it can
>> request authentication and then resume the previous user's computation
>> if it is appropriate. (For example, if the previous continuation was
>> changing the password, then new authentication doesn't allow it, but
>> if it is looking at a paper review, then the new authentication would
>> consult the ACL to decide if the paper review should be displayed and
>> maybe it can.)
> Jay -
> this is interesting - do you need to write your own dispatcher to make this
> work?  Also - does it work with form-based auth?
> Thanks,
> yc

Jay McCarthy <jay at cs.byu.edu>
Assistant Professor / Brigham Young University

"The glory of God is Intelligence" - D&C 93

Posted on the users mailing list.
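
The resume-after-authentication policy described in the message above, sketched as an added example that is not Jay McCarthy's code and not part of the PLT web server. The names `kont`, `resume`, `acl`, `login-as` and the sample users are hypothetical, and a continuation is modelled as a plain record instead of being captured with `send/suspend`.

```racket
#lang racket/base
;; Added illustration; every name here is hypothetical, not PLT web server API.
;; A stored continuation is modelled as a record: the user who created it,
;; whether it may only ever run for that user, the resource it touches
;; (for the ACL check), and the work to resume.
(struct kont (owner owner-only? resource run))

;; Constructed ACL: resource -> users allowed to view it.
(define acl (hash 'review-17 '("alice" "bob")))

(define (has-access? user k)
  (and (member user (hash-ref acl (kont-resource k) '())) #t))

;; req is a hash; 'session holds the authenticated user, or is absent.
;; authenticate is a thunk that asks for credentials and returns a user.
(define (resume k req authenticate)
  (define prev-user (kont-owner k))
  (define user
    (or (hash-ref req 'session #f)  ; authenticator already on the request
        (authenticate)))            ; otherwise request it, do not just error
  (cond
    [(equal? user prev-user) ((kont-run k) user)]  ; same user: carry on
    [(kont-owner-only? k) 'denied]                 ; e.g. changing a password
    [(has-access? user k) ((kont-run k) user)]     ; e.g. review allowed by ACL
    [else 'denied]))

;; Constructed continuations matching the two cases in the thread.
(define change-password
  (kont "alice" #t 'account-alice
        (lambda (u) (list 'password-changed-for u))))
(define show-review
  (kont "alice" #f 'review-17
        (lambda (u) (list 'review-shown-to u))))

;; Stand-in for an interactive login prompt.
(define (login-as user) (lambda () user))

;; alice follows her own URL with a live session.
(resume change-password (hash 'session "alice") (login-as "alice"))
;; bob opens the password-change URL alice emailed him and logs in as himself.
(resume change-password (hash) (login-as "bob"))
;; bob opens the emailed review URL; he is on the ACL for review-17.
(resume show-review (hash) (login-as "bob"))
;; carol opens the same review URL; she is not on the ACL.
(resume show-review (hash) (login-as "carol"))
```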