PerlMonks  

Re: Re: Re: HTACCES & Cookies

by stevenc (Novice)
on Jun 26, 2002 at 13:35 UTC (#177378)


in reply to Re: Re: HTACCES & Cookies
in thread htaccess and cookies

I don't claim to be an expert in anything. Thus I don't believe I would be able to do a CGI authentication routine better than the Apache programmers.

You mean the HTTP protocol, not ASF developers. They've just implemented the protocol, not designed the auth routine.

About SSL and mod_perl, I preferred not to cite them. I preferred to focus on the intrinsic weaknesses of a self-made CGI authentication against an (already weak) basic authentication.

What are they? Apart from having to code it oneself, I fail to see the shortcomings. Basic auth is already as insecure as can be, it can't get any more insecure unless the CGI replacement is poorly implemented.

I subscribe to your opinion on SSL and mod_perl, with a preference for SSL for the same reasons as before: personally I don't think I would be able to do with a self-made mod_perl handler a job better than SSL.

Bit of confusion I think; I never mentioned anything about writing your own SSL substitute in mod_perl. I merely mentioned you could use SSL to prevent eavesdropping on the initial login, which in the case of a form would POST username and password details in even clearer (non-base64 encoded) text than basic auth.

Summing up, yes, you can do a better job with CGI than basic auth, at the expense of understanding and development time and the fact that clients may choose not to use cookies, and a CGI script must check each cookie on each request.

Steve.
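
Two points from the post above, as an added example that is not part of the original thread: Basic auth credentials are only base64-encoded, and a CGI replacement has to validate its cookie on every request. The cookie layout (`user|expiry|HMAC`), the key, the fixed clock and all sub names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);
use Digest::SHA qw(hmac_sha256_hex);

# Constructed sample values; a real key lives in server-side configuration.
my $SECRET = 'constructed-demo-key';
my $TTL    = 1800;    # session lifetime in seconds

# Basic auth sends base64("user:password"): an encoding, reversible by anyone.
sub decode_basic {
    my ($header) = @_;
    my ($b64) = $header =~ m{\ABasic\s+([A-Za-z0-9+/=]+)\z} or return;
    return split /:/, decode_base64($b64), 2;
}

# Cookie value: user|expiry|HMAC-SHA256(user|expiry). User must not contain '|'.
sub issue_cookie {
    my ($user, $now) = @_;
    die "invalid user name\n" if $user =~ /\|/;
    my $payload = join '|', $user, $now + $TTL;
    return join '|', $payload, hmac_sha256_hex($payload, $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Run at the top of every CGI request; returns the user name or undef.
sub check_cookie {
    my ($cookie, $now) = @_;
    my ($user, $expiry, $mac) = split /\|/, ($cookie // ''), 3;
    return unless defined $mac && $expiry =~ /\A\d+\z/;
    return unless ct_eq($mac, hmac_sha256_hex("$user|$expiry", $SECRET));
    return if $now >= $expiry;
    return $user;
}

my $now = 1_000_000_000;    # fixed, constructed clock
my ($u, $p) = decode_basic('Basic ' . encode_base64('alice:s3cret', ''));
print "Basic auth header decodes to: $u / $p\n";
my $cookie = issue_cookie('alice', $now);
(my $forged = $cookie) =~ s/\Aalice/admin/;    # tampered user, original MAC
printf "%-8s %s\n", $_->[0], check_cookie($_->[1], $_->[2]) // 'rejected'
    for ['valid', $cookie, $now + 60], ['forged', $forged, $now + 60],
        ['expired', $cookie, $now + $TTL];
```

The signature only stops a client from altering the cookie; the cookie is still a bearer credential, so it needs SSL on every request, not just on the login POST.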

