incubator-tashi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Stroucken <...@cmu.edu>
Subject Re: new client option
Date Wed, 13 Jun 2012 21:16:01 GMT
Richard Gass wrote:
> HI Michael,
>
> One thing that we should start thinking about is the seperation of
> "admin" level features.  Since in many cases, the client is available
> to all users, some features should be blocked, via user
> authentication, or just seperated into another "admin client".  What
> do you think?
>   

Hi Richard,

I think long term a separate admin client may be useful, so that the 
user client isn't too cluttered with commands normal users won't have a 
need or rights for.

I think it is important to not trust the client; to do the priv check on 
the server side.

Greetings,
Michael.

Mime
View raw message