I am wondering how are you implementing some authentization mechanism when deploying FCKeditor. Because the editor does not implement any authentization layer (as far as I know?), one could probably set up an HTPP authentization over the editor directories, but that's not very convenient.
I use standard PHP/MySQL sessions based authentization mechanism. There's no problem with rendering the editor -- one can use the PHP class (fckeditor.php) and instantiate only if session is valid. But the flat files are still publicly accesible.
Different problem is posed by the filemanager (which is otherwise very well done!) -- no authentization is again supported. Again, simple solution is to check session data in the connector (PHP in my case), but that still leaves the flat files publicly accesible.
Has anyone some working scheme? (Preferably for PHP environment.) How do you handle authentization problems?
I do think, that some transparent authentization mechanism is essential for the future of FCKEditor, which is otherwise very well built! (Thanks for the work!)
Karel
I use standard PHP/MySQL sessions based authentization mechanism. There's no problem with rendering the editor -- one can use the PHP class (fckeditor.php) and instantiate only if session is valid. But the flat files are still publicly accesible.
Different problem is posed by the filemanager (which is otherwise very well done!) -- no authentization is again supported. Again, simple solution is to check session data in the connector (PHP in my case), but that still leaves the flat files publicly accesible.
Has anyone some working scheme? (Preferably for PHP environment.) How do you handle authentization problems?
I do think, that some transparent authentization mechanism is essential for the future of FCKEditor, which is otherwise very well built! (Thanks for the work!)
Karel
RE: Authentization of editor and filemanager
FCKeditor is often used as part of another CMS or system of some sort. Trying to second guess how people are going to want to use it is not easy.
I think the mulltiple OS connectors are already starting to push the boundaries of what should be included in the core product. These kinds of things are complex, require lots of testing, and distract from the development of the core editor.
RE: Authentization of editor and filemanager
I very much like the idea of filemanager "Connectors". The way it's done, it doesn't depend on any particular server technology, one can always write it's own connector etc. I would think, that something similar would be very useful to implement concerning authentization. Of course, there could be a flat "no authetization" implementation. But i one would like, there would be some implementation with auth support (I think along the lines of various "renderers" of FCKeditor, as they are present in the current package for PHP, ASP, etc.).
But of course, I understand, that resources are limited. =) I can help with PHP implementation.
Karel