[cgiapp] What to do about a documentation mismatch

Cees Hek ceeshek at gmail.com
Mon May 31 19:04:20 EDT 2010


On Tue, Jun 1, 2010 at 2:28 AM, Nicholas Bamber <nicholas at periapt.co.uk> wrote:
> I should really own up and say I have some philosophical issues with
> this filter stuff. It's mostly designed to work with the DBI driver but
> I do not agree with the DBI driver's approach. I think an authentication
> driver should be a robust implementation of a specific trusted
> authentication algorithm. The DBI driver instead tries to be a lego set
> of authentication bricks. I think this approach is doomed because not
> only does the implentation have to be good, but the specific
> configuration must be as well.
>
> So my long term plan is:
> 1.) Do the best that can be done with the DBI driver.
> 2.) Provide a robust driver as soon as I am confident I can produce one.
> It stills needs to be flexible but probably not as flexible as the DBI
> driver. I would like to copy the algorithm from ESAPI but they have not
> finalized their guidelines.
> 3.) Deprecate the DBI driver.

I think in most situations it is easiest to use either the Generic
Driver, or to choose one of the modules from the Authen::Simple suite
of modules (all of which are supported).  That is generally what I do.

So I don't see any issues with either deprecating the DBI driver (over
several releases), or what would probably be better, breaking it out
into it's own distribution so that it is not installed by default.

Note that Authen::Simple has it's own Authen::Simple::DBI module that
can be used ins place of the default DBI driver in
CAP::Authentication.

Cheers and thanks for continuing this work,

Cees


More information about the cgiapp mailing list