>>>>> "DS" == Dave Shield writes:

DS> Explicitly authorise all contexts.
DS> (This results from a minor alteration in behaviour following another code
DS> change, but feels more secure than automatically opening up all contexts
DS> by default. Though I'm happy to be persuaded otherwise...)

I actually think it should authorize all by default. That's what it's
done before and it's a behavior change. Had it been a bad thing, I'd
of course say otherwise. But I think the default user case will be to
authorize access to all contexts. The rouser, etc, cases are already
convenience wrappers likely to be used by people authorizing a user to
access to almost everything. Contexts also have not been a common way
to separate different security data areas.

The *ability* to limit to a context is certainly important, but I
don't think it needs to limit to just "" by default. Assuming that's
what's going on, because I'm speaking without having read the code of course.
Wes Hardaker
Sparta, Inc.

Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
Net-snmp-coders mailing list