4 Mar
2002
4 Mar
'02
4:18 p.m.
"SecurityGetUser = Return the current user object. This is normally the same as the REQUEST.AUTHENTICATED_USER object. However, the AUTHENTICATED_USER object is insecure since it can be replaced" This is something that has been confusing me, since it is never explained. How much I should worry about that REQUEST.AUTHENTICATED_USER is changed - and is there much performance downside or something else for using the SecurityGetUser -- which goes all the way back to the Security Manager to get the user. -huima