Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re: Re: mod_perl web app design considerations

by vladb (Vicar)
on Sep 03, 2002 at 21:12 UTC ( #194900=note: print w/ replies, xml ) Need Help??


in reply to Re: mod_perl web app design considerations
in thread mod_perl web app design considerations

thanks for your reply, valdez! :)

You go on to say...

What you need instead is authentication, authorization and access control.

But for this to work, wouldn't I have to implement my own Apache module to intercept requests and do authentiation and authorization based on the value of the requested URI? At this stage, I've already written moderate amount of code (due to tight deadlines rather than hard reasoning :) for the www.pagekit.org MVCC framework. The actual framework is very sound and I've come to appreciate both it's simplicity and power. It is also easy to write handles to serve pretty much any content. I also had a past experience serving images from the database.

However, what you are suggesting sounds very enticing. I will appreciate it if you send me links to some resources on the web where I can further delve into this subject. ;-)

_____________________

# Under Construction


Comment on Re: Re: mod_perl web app design considerations
Download Code
Re: Re: Re: mod_perl web app design considerations
by valdez (Monsignor) on Sep 03, 2002 at 21:38 UTC

    Here I am :)

    Chapter 6 from Eagle Book describes what you need:

    In this chapter, we step back to an earlier phase of the HTTP transaction, one in which Apache attempts to determine the identity of the person at the other end of the connection, and whether he or she is authorized to access the resource. Apache's APIs for authentication and authorization are straightforward yet powerful. You can implement simple password-based checking in just a few lines of code. With somewhat more effort, you can implement more sophisticated authentication systems, such as ones based on hardware tokens.

    You can find a copy of this chapter here. mod_perl Developer's Cookbook provides some other examples on the same subject.

    I understand your point about deadlines, I was talking about theory, real life is another story ;-)

    Good luck for your project. Ciao, Valerio

Re: Re: Re: mod_perl web app design considerations
by andye (Curate) on Sep 04, 2002 at 01:50 UTC
    But for this to work, wouldn't I have to implement my own Apache module to intercept requests and do authentiation and authorization based on the value of the requested URI?

    Rather happily, that's an awful lot easier than it sounds. A skeleton authentication handler looks like this:

    package Apache::AuthAny; # file: Apache/AuthAny.pm use strict; use Apache::Constants qw(:common); sub handler { my $r = shift; my($res, $sent_pw) = $r->get_basic_auth_pw; return $res if $res != OK; my $user = $r->connection->user; unless($user and $sent_pw) { $r->note_basic_auth_failure; $r->log_reason("Both a username and password must be provided +", $r->filename); return AUTH_REQUIRED; } return OK; } 1;
    (that'll authenticate on the *presence* of both a username and password, via HTTP Basic Auth - obviously you'd want to substitute a real-world authentication scheme).

    The Eagle book gives full details, and some of it seems to be online here:
    http://modperl.com:9000/book/chapters/ch6.html
    (found through random Googling).

    hth, andye.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://194900]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (6)
As of 2014-08-31 06:50 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best computer themed movie is:











    Results (294 votes), past polls