Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re: Never Write Another Login Script Again!

by eweaverp (Scribe)
on Jul 09, 2003 at 00:37 UTC ( [id://272524]=note: print w/replies, xml ) Need Help??


in reply to Never Write Another Login Script Again!

I say, if it works, upload it, with your email address, and if people want to use it, they will use it. If there are bugs, they may complain to you, or they may fix it, and _then_ complain to you.

It certainly seems useful; although not for me. You may want to think carefully about extensibility options. Is it easy to add new fields (even required fields?) Is there an clean API exposed that makes it easy to fool with the underlying procedures if it is necessary? Or is everything locked up pretty tightly?

How secure will it be? Plain-text storage? Encryption of some mysterious kind? SSL connections for log-in?

Can it also control access to plain .html files, and not just CGI content? Will it integrate with .htaccess?

No matter what, nobody's going to get hurt. So upload at will.

~evan

Replies are listed 'Best First'.
Re: Re: Never Write Another Login Script Again!
by jbeninger (Monk) on Jul 09, 2003 at 03:11 UTC
    Thanks everyone for your comments. It's definitely given me some things to think about, as well as a tentative feeling that I'm on the right track :)

    The scope of this project is web apps with a relatively simple login process - PM for instance. It is not meant to be standalone user management system. It's still up to the developer to add the user preferences, admin areas, etc. if they're required. One motivation was that a login system could be implemented quickly, and then refined later.

    When creating a new LoginRequired instance, a number of parameters can be used to customize the login process. These are things like "user_id_field", "password_field" that define database column names and a "confirmation_fields" array defining which fields are used to confirm an identity before emailing a user a password. Just about anything I could make customizable I did.

    I've also worked at making it relatively simple to use different technologies for session and user management. Overloading the "getSession" and "commitSession" functions is all that's required to change the way sessions are stored. There's a similar set of functions in the works for storing user information.

    Given the comments here, I think I'll take a couple of days to refine and document the beast and put it up on CPAN. I was going to go further in describing it, but it's easier when there's some code I can point to.

    Thanks again for the comments.
    James

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://272524]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others musing on the Monastery: (5)
As of 2024-03-19 09:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found