David L Norris wrote:
> On Tue, 2005-03-01 at 14:19 -0500, Michael Peters wrote:
>>You mean an indexer that was aware of the web server's permissions?
>>Which one? Apache, IIS, Websphere, etc? Web servers can ber configured
>>in such convoluted ways that it would be difficult to just parse a conf
>>file, not to mention custom auth handlers like one would right under
> Well, that's exactly the argument I'm making. It's unreasonably complex
> to implement the convoluted logic required for an arbitrary number of
> web servers. Rather than trying to make Swish-e understand 100
> different web servers I think it would be better to implement that in a
> specialized "-S prog" method script.
I still don't understand how this specialized "-S prog" would work? A
file-level search will *never* be able to respect the access controls
for the web server because for any moderately complex webserver. You
couldn't even look at a file's path and guarantee that you could figure
out the URL for any given file. These decisions are made at request time.
Plus Three, LP
Received on Tue Mar 1 11:55:11 2005