PerlMonks
On security, make it as transparent as possible. Create classes that implement the overall picture, piece by piece. For instance, a "forgot password" class would do a bit of work to either grab your email address or username and mail out a password.

But these classes would never do silly things like call CPAN packages directly for doing email or database calls. Usually not. They should call an API that you design to do these things. Something similar to:

    $user = $api->get_user({id=>$id});
    $api->mail_password({user=>$user});

Then you need to use either the facility of your language or your API to deal with security. It should be VERY lightweight and pluggable. Why? Testing is hard. Really hard. Switching gears by adding new authentication schemes is hard as well. Or providing new schemes, like single sign-on, RSA keys, browser certs. Think of it as hard as swapping DBs. At least with databases and a user-written API, you can swap DBs without disrupting all those classes that implement the overall picture. :)

I could imagine something simple like using the Perl autoloader to act as a transparent proxy to your API calls. So you could do something like:

If for some reason, one day I don't want to use my Exussum::Api, and use some sort of test API that doesn't do real work, I may feed my SecureApi an Exussum::TestApi. It's a lot to take in. A hell of a lot. Summed up, some things, like DB access, security, and cross-cutting visual design (think left bar, top banner, with a logo and colour scheme via CSS), usually should be very lightweight. Otherwise, you tie yourself down to the underlying technology with unusually specific, rigid requirements.

In reply to Re: OT: WebApp Authorization Question
by exussum0
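The post above describes a SecureApi that uses the Perl autoloader as a transparent proxy in front of Exussum::Api (or a side-effect-free Exussum::TestApi), with the "forgot password" class only ever talking to the API. The following is an added example of that layout; it is not code from the post or from its author. The package names SecureApi, Exussum::Api and Exussum::TestApi come from the post; the method names, the deny-by-default policy table, the `authz` callback and the sample user record are assumptions made here to produce something runnable.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# --- Hypothetical real backend (name taken from the post) --------------
package Exussum::Api;

sub new { my ($class, %args) = @_; return bless {%args}, $class }

# Constructed sample record standing in for a database lookup.
my %USERS = ( 42 => { id => 42, name => 'alice', email => 'alice@example.com' } );

sub get_user {
    my ($self, $args) = @_;
    return $USERS{ $args->{id} };
}

sub mail_password {
    my ($self, $args) = @_;
    # A real backend would call a mail module here; this one only
    # reports what it would have done.
    return "mailed reset link to $args->{user}{email}";
}

sub delete_user { my ($self, $args) = @_; return delete $USERS{ $args->{id} } }

# --- Test backend: same interface, no side effects ---------------------
package Exussum::TestApi;
our @ISA = ('Exussum::Api');

sub mail_password {
    my ($self, $args) = @_;
    push @{ $self->{sent} }, $args->{user}{email};   # record instead of send
    return "recorded $args->{user}{email}";
}

# --- SecureApi: AUTOLOAD proxy that authorizes every forwarded call ----
package SecureApi;
our $AUTOLOAD;

sub new {
    my ($class, %args) = @_;
    for (qw(api authz principal)) {
        die "SecureApi->new needs '$_'" unless defined $args{$_};
    }
    return bless {%args}, $class;
}

sub AUTOLOAD {
    my $self = shift;
    (my $method = $AUTOLOAD) =~ s/.*:://;
    return if $method eq 'DESTROY';              # never forward the destructor
    my $api = $self->{api};
    die "SecureApi: backend has no method '$method'\n" unless $api->can($method);
    # Deny by default: the policy callback must explicitly return true.
    $self->{authz}->($self->{principal}, $method, @_)
        or die "SecureApi: '$self->{principal}' may not call '$method'\n";
    return $api->$method(@_);
}

# --- The "forgot password" class only talks to the API object ----------
package ForgotPassword;

sub new { my ($class, %args) = @_; return bless {%args}, $class }

sub run {
    my ($self, $id) = @_;
    my $api  = $self->{api};
    my $user = $api->get_user({ id => $id }) or return "no such user";
    return $api->mail_password({ user => $user });
}

# --- Wiring ------------------------------------------------------------
package main;

# Assumed policy table: which principal may call which backend method.
my %policy = (
    anonymous => { get_user => 1, mail_password => 1 },
    admin     => { get_user => 1, mail_password => 1, delete_user => 1 },
);
my $authz = sub { my ($who, $method) = @_; return $policy{$who}{$method} ? 1 : 0 };

# Swap the backend without touching ForgotPassword: here the test backend.
my $test_backend = Exussum::TestApi->new;
my $secure = SecureApi->new(api => $test_backend, authz => $authz, principal => 'anonymous');

print ForgotPassword->new(api => $secure)->run(42), "\n";
print "sent: @{ $test_backend->{sent} }\n";

# The same principal is refused a method outside the policy.
eval { $secure->delete_user({ id => 42 }) };
print "denied: $@" if $@;
```

Two things to check before relying on a proxy like this: methods that UNIVERSAL already provides (`can`, `isa`, `DOES`) resolve before AUTOLOAD and are therefore not forwarded, so callers that probe the proxy with `->can` see the wrapper, not the backend; and the policy check only holds as long as the classes never receive a reference to the raw backend, so construct the backend in one place and hand out only the SecureApi wrapper.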