[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Subject: Linking with security
Presuming that XML is *not* the native storage format for the data, simply filter it out server side when generating the XML in the first place. If you must use an external entity, couldn't it be empty or contain an innocuous element (e.g. <DoNotDisplay/>) that is thrown away during HTML rendering? Also, top level attributes of the EmployeeDatabase element like hasHistory="1" hasLeave="1" hasDiscipline="0" may simplify stylesheet and/or javascript logic used to generate (or not) the appropriate headers, borders, etc. for each section of the HTML "report". For this truly sensitive data, I presume also that you are not using basic authentication? As you probably know, both Netscape and IIS web servers have pretty decent support for client certificate based authentication based on SSL. Hope this helps, Charles Reitzel On Tue, 10 Aug 1999, Wendy Cameron wrote: >Subject: Linking with security > >Essetially what i have is as follows ><EmployeeDatabase> > <Employee ServiceID="1"> > <History> > various history stuff > <History> > <Leave> > varoious leave stuff > <Leave> > <Discipline> > varoiuos discipline stuff > <Discipline> > </Employee> ></EmployeeDatabase> > >I have group of users that have access to all the >information about employees. Within this group of >employees I have a sub set that have permission to >see disciline details. > >when the user hits the web site the user is Authenticated >and it is known what type of user it is. >Based on this knowledge I want to >If user has access to discipline > Show Discipline >else > Dont show discipline >End > >Weve thought of using Entity References to date if the >discipline file to which the entity refers does not exist >then we get no XML what so ever when we actuall want >every thing else but the discipline or except the entity >that is referenced. (Ohh im using IE5) This is not suitable > >Im thinking maybe I could write an IE5 behaviour that retrieves >the discipline xml parses it and adds it to the employee xml if >it is available to this user and then retransforms. > >Problem with this is i dont know how to acheive it quite. Im aware >I can assign behaviors to xml but are they activated (or how can >they be activated) when parsed into a ActiveX xml dom? > >Does anyone have any suggestions? > > xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev@i... Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1 To (un)subscribe, mailto:majordomo@i... the following message; (un)subscribe xml-dev To subscribe to the digests, mailto:majordomo@i... the following message; subscribe xml-dev-digest List coordinator, Henry Rzepa (mailto:rzepa@i...)
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|