因为项目需要想在网上找点phpGACL的资料,可是在网上遍寻不着,于是只要靠自己很烂的E文水平去看E文原版资料了。看得郁闷之处,不觉开始埋怨 起来,想我堂堂中华居然就没有一E文功底深厚牛人给翻译一下,害得我这么费眼费神地去半蒙半猜地看E文。可能是抱怨的次数过多,朋友忍不住开始说我了,大 概是说我只知道拿E文差做借口,然后就心安理得地边抱怨边享受人家的劳动成果还说慢,做人要厚道之类的话。不过仔细想来也有道理,身为开源社区的一分子, 不能只知索取,不知奉献。E文烂不是也大致看懂了文档吗?难道就不可以翻一下,翻得不好自有高人指点,指点之后不就翻好了吗?怕翻错就把原文也放上来,这 样就算错了,也不至于误导得太厉害,毕竟搞计算机的或多或少还是懂点E文的。于是翻然醒悟,于是就有了这篇phpGACL中文手册。照例在前面加上译者水 平有限,请大家不吝斧正(人家那是谦虚,我这可是事实。汗颜呀!!*^-^*)
phpGACL
Generic Access Control Lists with PHP
基于PHP的通用访问控制列表
About
关于
What is it?
它是什么?
phpGACL is an set of functions that allows you to apply access control to arbitrary objects (web pages, databases, etc) by other arbitrary objects (users, remote hosts, etc).
phpGACL是一组允许你控制对象(用户,远程主机等)访问其他对象(网页,数据库等)权限的函数。
It offers fine-grained access control with simple management, and is very fast.
该组函数可以通过简单的管理提供高精度的访问控制,并且运行地很快。
It is written in PHP (hence phpGACL), a popular scripting language that is commonly used to dynamically create web pages. The GACL part of phpGACL stands for Generic Access Control List.
它是用PHP,一种当前十分流行的通常被用来创建动态网页的脚本语言,编写的(因此被叫做 phpGACL)。phpGACL中的GACL代表Generic Access Control List,即通用访问控制列表。
Where can I get it?
我从哪可以得到它?
phpGACL is hosted by sourceforge.net at http://phpGACL.sourceforge.net/
phpGACL的主机设在sourceforge.net上,可以通过网址是http://phpGACL.sourceforge.net/得到它。
What do I need to run it?
运行它我需要什么条件?
phpGACL要求一个关系数据库用来保存访问控制信息。它通过数据抽象层ADODB来访问该数据库,它能兼容PostgreSQL,MySQL和Oracle数据库。
phpGACL is written in the PHP scripting language. It requires PHP 4.2 and above.
phpGACL是用PHP脚本语言编写的,它要求该语言版本号为4.2或以上。
Access Control List administration is performed by a web interface, and therefore it is necessary to have a web server with PHP support, such as Apache.
由于对访问控制列表的管理是通过WEB界面进行的,因此它必须要有一个支持PHP的WEB服务器,如Apache。
Who is responsible for it?
谁维护它?
Mike Benoit <ipso@snappymail.ca> 是作者和项目管理者.
James Russell ames-phpgacl@ps2-pro.com> and Karsten Dambekalns <k.dambekalns@fishfarm.de> did the documentation.
James Russell ames-phpgacl@ps2-pro.com> 和 Karsten Dambekalns <k.dambekalns@fishfarm.de>制作文档。
没想到一时冲动还就真翻了起来,还把东东放上去了,现在想起来都有点不可思议。不过我一向的原则是既然动手了,那就要有个结果,成功了是快乐,失败了 是经验。半途而废的事倒是不会做,但做的速度会越来越慢倒是常见,所以趁着冲动还在,还是多做做,以免后来有人等得心急,骂娘的声音还是少听为妙!:)
Introduction 介绍
Understanding Access Control
理解访问控制
The best way to explain access control is to use examples with real things rather than trying to relate to concepts.
试着解释访 问控制概念的最好方法就是举个实例,这比纯粹进行概念阐述要好得多。
Han 是"千年隼"号飞船的船长, Chewie 是他的助手。船上已经有了几名乘 客: Luke , Obi-wan , R2D2 和 C3PO , Han 必须要为船上 不同房间如:驾驶室,休息室,发动机室和武器室限制访问权限。(大家是不是觉得这些名字很熟悉呀?我是看了一半才明白这是电影"星球大战"内的人物!)
Han says: "Me and Chewie should have access to everywhere, but after a particularly messy hyperdrive repair, I forbid Chewie from going near the Engine Room ever again. Passengers are confined to the Passenger's Lounge."
Han 说:"我和Chewie可以到飞船上的任何地方,但在那次糟糕的超光速推进器修理之后, 我不许Chewie再靠近发动机室,而乘客们只能待在休息室里。"
Let's assume from now on that access is Boolean. That is, the result of looking up a person's access to a room is either ALLOW or DENY. There is no middle ground.
让我们假设 从现在开始访问权限都是用布尔值来表示的。也就是说,人们进入房间的权限要么是允许,要么是拒绝,而没有其他中间的值。
如果我们将上面Han所说的画出一张表示谁有权访问哪儿的权限表的话,它将会如下表所示 (O表示允许,X表示拒绝)
Who/Where | Cockpit | Lounge | Guns | Engines |
| Han | O | O | O | O |
| Chewie | O | O | O | X |
| Obi-wan | X | O | X | X |
| Luke | X | O | X | X |
| R2-D2 | X | O | X | X |
| C3PO | X | O | X | X |
在上表中,行表示 Han 想要限制访问权限的房间,而列表示要求访问房间权限的人们。衍生开来讲,"房间"就代表 " 控制 权限作用的事物",我们称之为访问控制对象,即 Access Control Objects (ACOs) 。而"人们"则代表"要求权限的事 物",我们称之为访问需求对象,即 Access Request Objects (AROs) 。
There is a third type of Object, the Access eXtention Object (AXO) that we'll discuss later. These objects share many attributes and are collectively referred to as Access Objects.
这里还 有一个第三种对象,叫权限扩展对象,即 Access eXtention Object (AXO) ,我们将稍后对它进行讨论。这些对 象共享许多属性,并作为权限对象一起 被 引用。
Managing access using an access matrix like the one above has advantages and disadvantages.
使用权限表 来管理权限有其优点也有其缺点。
- It's very fine-grained. It's possible to control access for an individual person if necessary.
它可以做到非常精细。可能的话,它可以对每一个人的权限进行单独的控制。 - It's easy to see who has access to what. The answer is stored in the intersection of the person and the room.
它也十分容易看出谁有权做什 么,其结果被保存在人们和房间的交叉点上。 - Disadvantages: 缺点:
- It's difficult to manage on a large scale. 6 passengers and 4 places is fairly simple, but what if there were thousands of passengers and hundreds of places, and you need to restrict access to large groups of them at once, but still retain enough fine-grained control to manage access for an individual? That would mean a lot of fiddly and lengthy adjustment to the matrix, and it's a difficult task to verify that the final matrix is correct.
它对于大规模权限管理而言是困难的,6个乘客与4个房间相对来说是简单的,但如果是上千个乘客和上百个房间该怎么办呢?你需要马上为他们 分配权限,同时又要保证足够的精细度以便能控制其中每一个人的访问权限。这将意味着对权限表的大量 费事冗长的调整,同时也使得确保该表的正确性变得困难重重。 - It's hard to summarize or visualize. The above example is fairly simple to summarize in a few sentences (as Han did above), but what if the matrix looked like this?
它是难以想像和总结的,上面的例子是相当简单的,几句话就可以讲清楚(就象上面Han做得那样)。但如果权限表看得来象下面这样呢?Who/Where
Cockpit
Lounge
Guns
Engines
Han
O
O
O
O
Chewie
O
X
O
X
Obi-wan
X
O
X
X
Luke
O
O
O
X
R2-D2
X
O
X
O
C3PO
O
O
X
O
This matrix is not so obvious to summarize, and it's not clear to the reader why those access decisions might have been made in the first place.
上表就不能 清楚的总结了,而且它也不能很清楚地让人明白首先为什么要这样设定那些权限。 - It's difficult to manage on a large scale. 6 passengers and 4 places is fairly simple, but what if there were thousands of passengers and hundreds of places, and you need to restrict access to large groups of them at once, but still retain enough fine-grained control to manage access for an individual? That would mean a lot of fiddly and lengthy adjustment to the matrix, and it's a difficult task to verify that the final matrix is correct.
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
