PerlMonks  

user authentication

by kisaruku (Initiate)
on Jun 15, 2004 at 18:46 UTC
kisaruku has asked for the wisdom of the Perl Monks concerning the following question:

I'm relatively new to Perl, so not sure about all the options. I'm building a CGI system, and am trying to figure out what is the best method for user authentication. The system has only one CGI that takes requests and dynamically finds and executes the methods available.

I would like the system to allow anyone to use certain methods, but require authentication for using others. I only want it to request authentication when a user attempts to use one of the protected methods.

The system has to be portable and it can make no assumptions about the webserver except that CGI and Perl are available. So I don't think HTTP's WWW-Authenticate is available. I would also like to avoid cookies if possible.

Any ideas or information? Thanks.

Re: user authentication
by Juerd (Abbot) on Jun 15, 2004 at 18:51 UTC

    what is the best method for user authentication

    That depends on what you need. If you need security, SSL (https) fixes those things outside of the programming language, allowing you to focus on the easier things. One easy way to implement authentication is HTTP Basic authentication. This usually generates a dialog window that asks the user for username and password. The biggest drawback is that there isn't an easy and solid way to log out: a user stays logged in for as long as the browser remembers the password, which is usually as long as the browser has a window open. If that is a problem, cookies + sessions are probably what you're looking for. In that case, you'll have to do a lot more.

    Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }

      It's not hard to log out the user at all:
      Just return the status code RC_UNAUTHORIZED (401) and most browsers will forget the username/password combination.

        Just return the status code RC_UNAUTHORIZED (401) and most browsers will forget the username/password combination.

        And prompt for a new one.

        Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }

Re: user authentication
by freddo411 (Chaplain) on Jun 15, 2004 at 19:05 UTC
    You've opened the can of worms on a fairly complex subject.

    I highly recommend that you structure your code using CGI::Application and that you make use of CGI::Session::Auth to create persistent authentication sessions. Note that this uses cookies (why wouldn't you?). Using cookies is the standard way to store pointers to persistent information.

    If you simply wish to pop a username/passwd challenge for each CGI invocation, as noted above you can do this. Keep in mind you'll still have to write (or borrow) code to solve the problems of authenticating/storing the name/passwds. CPAN is your friend.

    Good luck.

    -------------------------------------
    Nothing is too wonderful to be true
    -- Michael Faraday
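
Added example, not from any poster in this thread and not the CGI::Session::Auth API: one way to gate only the protected methods of a single dispatching CGI behind a signed, expiring session token, using the core Digest::SHA module. The method names, the secret, the 30-minute lifetime and the `user:expiry:mac` token layout are assumptions; the password check that precedes `make_token` is not shown, and the token can travel in a cookie or a hidden form field.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions: placeholder secret (load a random one from outside the web
# root), made-up method names, 30-minute token lifetime.
my $SECRET = 'PLACEHOLDER-load-from-config';
my $TTL    = 30 * 60;

# One table drives dispatch and records which methods need a login.
my %METHODS = (
    list_items  => { protected => 0, code => sub { 'public listing' } },
    delete_item => { protected => 1, code => sub { "deleted by $_[0]" } },
);

# Issue "user:expiry:mac" only after the password check (not shown) succeeds.
sub make_token {
    my ($user, $now) = @_;
    my $exp = $now + $TTL;
    return join ':', $user, $exp, hmac_sha256_hex("$user:$exp", $SECRET);
}

# Return the user name for a valid, unexpired token, otherwise undef.
sub check_token {
    my ($token, $now) = @_;
    my ($user, $exp, $mac) = split /:/, ($token // ''), 3;
    return undef unless defined($mac) && $user =~ /\A[A-Za-z]\w*\z/ && $exp =~ /\A\d+\z/;
    my $want = hmac_sha256_hex("$user:$exp", $SECRET);
    return undef unless length($mac) == length($want);
    my $diff = 0;    # compare every byte so timing does not leak a matching prefix
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. length($want) - 1;
    return ($diff == 0 && $exp >= $now) ? $user : undef;
}

# Public methods run for anyone; protected ones ask for a login only when called.
sub dispatch {
    my ($name, $token, $now) = @_;
    my $m = $METHODS{ $name // '' } or return ('not_found', '');
    return ('ok', $m->{code}->()) unless $m->{protected};
    my $user = check_token($token, $now);
    return defined $user ? ('ok', $m->{code}->($user)) : ('need_login', '');
}

# Constructed requests at a fixed clock value, so the run is repeatable.
my ($t0, $good) = (1_000_000, make_token('alice', 1_000_000));
(my $forged = $good) =~ s/^alice/admin/;
print join(' ', dispatch(@$_)), "\n" for
    [ 'list_items', undef, $t0 ], [ 'delete_item', undef, $t0 ], [ 'delete_item', $good, $t0 + 60 ],
    [ 'delete_item', $forged, $t0 + 60 ], [ 'delete_item', $good, $t0 + $TTL + 1 ];
```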

Re: user authentication
by bradcathey (Prior) on Jun 15, 2004 at 19:56 UTC
    A similar question was asked after this posting. Follow that thread as well. For a taste of what you will find if you SuperSearch, try this one.

    —Brad
    "Don't ever take a fence down until you know the reason it was put up." G. K. Chesterton
