
Re: ACL by IP



Pierangelo Masarati wrote:
> Daniel Tiefnig wrote:
>> and i've a question about ACLs.. entity matching is still only done
>> via regex..(?) did you guys ever think of implementing smth. like
>> subnet mask matching for IPs? that would simplify ACLs in many cases,
>> and therefore likely speed up things as well..
> 
> There's something like that in HEAD for the domain ACL, that is the
> subtree match has been implemented to avoid using regex to allow, say,
> access to a subnet:
> 
> access to *
> by domain.subtree="polimi.it" read
> 
> which also allows submatches like
> 
> access to dn.regex=".*dc=([^,]+),dc=it$"
> by domain.subtree,expand="$1.it" read

hmm.. actually i thought about something more like
access to netmask="195.3.81.64/28"
:o)

> Subnet mask might be an interesting evolution; note that all of this,
> at least in my opinion and from my personal experience, should not be
> used instead of appropriate authentication.

of course not. (though i do..)

g,
daniel
-- 
This may seem a bit weird, but that's okay, because it is weird.
          -- The Perl v5.0 manual page
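
The difference between regex matching and the netmask match proposed in this thread, as an added example that is not part of the original messages and is not OpenLDAP code: it checks addresses against 195.3.81.64/28 with a mask comparison and with two regexes. The function names, both regex patterns and the sample addresses are constructed for illustration, and the code assumes bare dotted-quad strings as input.

```c
#include <arpa/inet.h>
#include <regex.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed patterns for 195.3.81.64/28 (hosts .64 to .79), not from the thread. */
#define LOOSE_RE  "195.3.81.(6[4-9]|7[0-9])"            /* unanchored, dots unescaped */
#define STRICT_RE "^195\\.3\\.81\\.(6[4-9]|7[0-9])$"

/* 1 if addr lies inside cidr ("a.b.c.d/len"), 0 if not, -1 on malformed input. */
int cidr_match(const char *cidr, const char *addr)
{
    char net[INET_ADDRSTRLEN], *end;
    const char *slash = strchr(cidr, '/');
    struct in_addr n, a;

    if (!slash || (size_t)(slash - cidr) >= sizeof net) return -1;
    memcpy(net, cidr, (size_t)(slash - cidr));
    net[slash - cidr] = '\0';
    long len = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end || len < 0 || len > 32) return -1;
    if (inet_pton(AF_INET, net, &n) != 1 || inet_pton(AF_INET, addr, &a) != 1)
        return -1;
    /* /0 handled separately: shifting a 32-bit value by 32 is undefined. */
    uint32_t mask = len ? htonl(0xFFFFFFFFu << (32 - len)) : 0;
    return (n.s_addr & mask) == (a.s_addr & mask);
}

/* 1 if the POSIX extended regex matches addr, 0 if not, -1 if it fails to compile. */
int regex_match(const char *pattern, const char *addr)
{
    regex_t re;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0) return -1;
    int rc = regexec(&re, addr, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

int main(void)
{
    /* Constructed test addresses: two inside the /28, three that must be refused. */
    const char *s[] = { "195.3.81.64", "195.3.81.79", "195.3.81.80",
                        "195.3.81.700", "195x3.81.70" };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-13s mask=%2d loose=%d strict=%d\n", s[i],
               cidr_match("195.3.81.64/28", s[i]),
               regex_match(LOOSE_RE, s[i]), regex_match(STRICT_RE, s[i]));
    return 0;
}
```

The loose pattern accepts the last two sample strings although neither is an address inside the subnet, which is the kind of ACL mistake a mask comparison avoids.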