Dennis Allison wrote:
Good thought, but it doesn't fit the dynamics of the situation and does not scale. I'm still thinking a path based access permissions approach ought to work provided the access controls are hard to disable and provided the number of legal access paths is relatively small.
Well if you want to secure access rules further I threw a patch into the collector ages ago to remove the silly traversal stack semaphore, its in there somewhere, but if it was me I'd probably write a custom product for something like this. You need 1 object that can identify a user, their state, and control the logic behind what they are presented with next. While that object probably needs to be traversable, there's no reason the objects representing your data (the tests/answers) need be. -- Jamie Heilman http://audible.transient.net/~jamie/ "Most people wouldn't know music if it came up and bit them on the ass." -Frank Zappa