Forum OpenACS Q&A: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!)

Here is the change the request processor.
    # call sudo if it's mounted
    if { [site_node::exists_p -url /sudo] } {
         sudo::checkauth -url [ad_conn extra_url]
    }
It should probably check for the package key instead of the url

I'll see if I can get a postgresql version working. I need to install it on may machine anyway

Barry, it might also be a good idea to cache the result of the exists_p operation, especially if that is being called often.

Let us know if you have an Oracle and Postgres version available. :)