
Re: ACL by IP

Pierangelo Masarati wrote:
> Daniel Tiefnig wrote:
>> and i've a question about ACLs.. entity matching is still only done
>> via regex..(?) did you guys ever think of implementing smth. like
>> subnet mask matching for IPs? that would simplify ACLs in many cases,
>> and therefore likely speed up things as well..
> There's something like that in HEAD for the domain ACL, that is the
> subtree match has been implemented to avoid using regex to allow, say,
> access to a subnet:
> access to *
> by domain.subtree="polimi.it" read
> which also allows submatches like
> access to dn.regex=".*dc=([^,]+),dc=it$"
> by domain.subtree,expand="$1.it" read

hmm.. actually i thought about something more like
access to netmask=""

> Subnet mask might be an interesting evolution; note that all of this,
> at least in my opinion and from my personal experience, should not be
> used instead of appropriate authentication.

of course not. (though i do..)

This may seem a bit weird, but that's okay, because it is weird.
          -- The Perl v5.0 manual page
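
The contrast discussed in this thread, as an added example that is not part of the original messages and is not OpenLDAP code: a peer address checked against a subnet by regex and by netmask. The function names, the sample addresses and the 10.1.4.0/255.255.252.0 subnet are constructed for illustration, and the regex is applied as an unanchored search (an assumption about how a carelessly written rule would behave).

```python
import ipaddress
import re


def netmask_match(peer: str, network: str, mask: str) -> bool:
    """True when (peer & mask) == (network & mask) for IPv4 dotted quads."""
    p = int(ipaddress.IPv4Address(peer))
    n = int(ipaddress.IPv4Address(network))
    m = int(ipaddress.IPv4Address(mask))
    # A valid netmask is a run of 1 bits followed by 0 bits; reject
    # anything else (e.g. 255.0.255.0) instead of matching on it.
    inverted = ~m & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return (p & m) == (n & m)


def regex_match(peer: str, pattern: str) -> bool:
    """Regex peer match; unanchored unless the pattern anchors itself."""
    return re.search(pattern, peer) is not None


# Constructed peers: two inside 10.1.4.0/22, three outside it.
PEERS = ["10.1.4.9", "10.1.5.20", "10.1.8.1", "110.1.4.9", "10.114.5.1"]

LOOSE = r"10.1.4."                      # unescaped dots, no anchors
STRICT = r"^10\.1\.[4-7]\.\d{1,3}$"     # hand-expanded /22, easy to get wrong


def compare(peers=PEERS):
    """Return (peer, loose regex, strict regex, netmask) verdicts per peer."""
    return [
        (p,
         regex_match(p, LOOSE),
         regex_match(p, STRICT),
         netmask_match(p, "10.1.4.0", "255.255.252.0"))
        for p in peers
    ]


if __name__ == "__main__":
    for row in compare():
        print("%-12s loose=%-5s strict=%-5s netmask=%s" % row)
```

The loose pattern admits 110.1.4.9 and 10.114.5.1 and misses 10.1.5.20, while the netmask comparison needs no per-octet rewriting when the subnet is not aligned on an octet boundary.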