Changes between Version 14 and Version 15 of MapGuideRfc20
- Timestamp:
- Oct 23, 2007, 3:33:47 PM (17 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
MapGuideRfc20
v14 v15 48 48 This RFC is strictly an API enhancement. !GetUserForSession exposes information already maintained by the !MapGuide Server. !EnumerateGroups and !EnumerateRoles will be implemented using existing functionality. 49 49 50 With the new API, hijacking a session identifier will allow access to the user name, groups, and roles for a particular user. Use of HTTPS will reduce the likelihood of session hijack for web sites requiring security.50 With the new API, hijacking a session identifier will allow access to the userid, groups, and roles for a particular user. Use of HTTPS will reduce the likelihood of session hijack for web sites requiring security. 51 51 52 52 == Test Plan == 53 53 54 Write a simple app to verify that users can access their own groups and roles and cannot access information from other groups and roles.54 Write a simple web application to verify that users can access their own groups and roles and cannot access information from other groups and roles unless they have author or administrator privileges. 55 55 56 56 == Funding/Resources ==
