[dev] Deny permissions
Jason Rust
jrust at rustyparts.com
Tue May 27 21:36:39 PDT 2003
> Not the way things currently are. You could create a group that all users
> are a member of, and grant permissions to that group.
The problem with creating a group is that I would have to make a group
that allows everybody who can log on via our imap server to be in the
group. One idea is to allow groups to take regular expressions, so a
group could be made that is something like *@example.com, which might be
useful for some things, but that introduces a host of other security
risks (and coding time ;).
> Or, I could see it
> being reasonable to treat guest permissions as an all-or-nothing - i.e.,
> don't check any permissions other than explicit guest permissions for guest
> users.
I like the idea of guest permissions being explicit since it would seem
to be a more secure approach to something as "open to the world" as a
guest-accessible application. I can submit a patch if this is something
you would consider implementing.
-Jason
More information about the dev
mailing list