Let's add a column to each script in the security schema to specify whether or not that script can be called by a URL. Turn if off by default.
Add privilege to run script by URL to security schema
- Comment • 8
Let's add a column to each script in the security schema to specify whether or not that script can be called by a URL. Turn if off by default.
I'm proposing that the ability to run a script by URL be set at the privilege set level. So (1) a user has to be authenticated (whether they are already logged-in or something is included in or parallel to the URL call), and then (2) my proposal kicks in to check that the requested script can be run in the user's privilege set. The point is that developers should be able to control what scripts can and can't be called by URL, and the privilege set script settings seems to me as reasonable a place as any to do it. Authentication is a separate (pre-requisite) issue.
Hi Jeremy,
Don't forget to vote it up yourself.
Best,
Beatrice