Why are both authentication and authorization policies required?

Georges Dubus

Jun 19, 2012, 9:57:15 AM
to pylons-...@googlegroups.com
Hi,

This was a question on Stack Overflow a few days ago that wasn't really answered [1]:

Why are both authentication and authorization policies required? Having an authentication policy without any authorization makes sense in many applications (first example in mind: some kind of basic chat). Is there a design decision behind this?

   [1] http://stackoverflow.com/questions/10989985/pyramid-why-cant-i-use-an-authentication-policy-without-an-authorization-polic

Thanks,
Georges

Jonathan Vanasco

Jun 19, 2012, 10:16:31 AM
to pylons-discuss
FWIW, I use my own authorization and authentication schemes -- i.e., I
don't use any of Pyramid's auth. You're not required to. It's fairly
trivial to just roll your own.

Michael Merickel

Jun 20, 2012, 1:27:15 AM
to pylons-...@googlegroups.com
Hi, I answered your question on SO. I just thought I'd chime in here
that I wasn't kidding... there really isn't a solid reason why it's
required. If you really feel strongly about this, open an issue on the
tracker, but I'd consider it bikeshedding. Again, be aware that there
is *zero* performance penalty for just defining the
ACLAuthorizationPolicy in your app if you only ever use the
authentication policy functionality within Pyramid, so just define it
and move on. :-)

Georges Dubus

Jun 20, 2012, 2:20:49 AM
to pylons-...@googlegroups.com
Thanks for the answers!

It wasn't my question originally, and I have nothing against the builtin authentication policy. I was just wondering, out of curiosity, if there was a reason I ignored for this.