AppSamurai TODO --------------- * doc - A Howto? * doc - Clean up Pod. (Lots of overlong lines) * doc - Add method documentation to modules. (Missing on many, including "alterlist" related methods.) Add skips for any that don't warrant full docs and then enable t/99-pod-coverage.t * usability - RealmThingThisThatJimmyCrackCorn... bleh.. need to add some nicer config syntax like: Realm.Thing1.Subthing = Whatever * feature - Add "last access" tracker and complementary stale session data cleaner. (Could use for in-prog audit trail, too, just don't log anything sensitive) * feature - Add more auth modules (volunteers?) Potential candidates: = Web form - Use LWP::UserAgent to attempt login to a form login based web page = TACACS+ - Using Net::TacacsPlus? = CAPTCHA - Using Authen::PluggableCaptcha or Authen::Captcha? = OpenID - Using Net::OpenID::Consumer? = ** AuthSimple (using Authen::Simple) support most other major authentication options * feature - Add multi-stage login support (for challenge/response, next tokencode mode, NTLM/Kerberos integrated IE auth, etc.) * feature - CheckUrl is weak and more extensive URL/header sanity filtering is needed * feature - Logout is crude and blocks application's native logout. Add a capture system to send logout request to backend, then bundle into session kill and send back to browser. * feature - Add alterlist configuration options (for Apache config) * feature - Should refactor the Session, Tracker, and AlterList into individual modules. AppSamurai.pm is WAY too fat a pig. * feature - Modularize/generalize the Tracker feature to be like Auth system. * feature - Add a tracker based filter for dynamic rule based filtering, and a small Perl tool to modify the tracker externally. Example use: Blocking a specific Windows Mobile device ID. * uber-feature - Filter server responses. (Would require skipping mod_proxy in Apache 1.x and doing a direct fetch) ---- $Id: TODO,v 1.28 2008/05/03 06:43:22 pauldoom Exp $