appspace pollution :)

Miguel Barreiro Paz <>
Mon Nov 11 11:25:38 CET 2002

> - you can't uniquely identify a client by IP address if that IP address is
> the address of their proxy server.  I've been trying to avoid cookies at
> all costs, but for a public user system, they might be a necessary evil.
> On the other hand, associating user logins to an IP address should be OK
> for an intranet server.

	Not even in an intranet. For whatever (ugly) reasons you are
sometimes forced to use NAT inside the intranet, or don't have control
over the whole network (and, well, the IBM intranet for example is bigger
than Internet was for quite a few years :-)). If you absolutely can't use
cookies, you can rewrite per-session URLs to include an explicit session
ID. Combined with SSL it's not too bad. Combined with client-side SSL
certificates it gets much better.

> - if there is an inherent flaw in all common web servers it is that they
> serve objects from the filesystem - the same place the important stuff
> (OS, programs, data, etc) is.  The use of chroot should be investigated
> for having OpenFlax serve files.  The practice of serving objects from a
> database (like the wikie) should be investigated.  The webserver code

	Oracle has been touting it for a while and it certainly has its
pros. I still think that for most practical purposes the filesystem is the
database of choice :-) but there's certainly beauty in diversity and



More information about the erlang-questions mailing list