
Perl CGI Secure Authentication

by dburke (Novice)
on Oct 06, 2012 at 02:34 UTC (#997566=perlquestion)
dburke has asked for the wisdom of the Perl Monks concerning the following question:

So, this is my first perl cgi script and I have very basic session management going right now using CGI::Session. My question is what would be a good module to use for user authentication? I would like to focus on security; I already don't like the idea of using cgi params or cookies, but I don't know any better... I'm currently planning on using very restrictive cookies to manage sessions, but that's another issue. Any help is greatly appreciated and if you need any more info I would be happy to supply it. Thank you! (Love this community so far!)

Replies are listed 'Best First'.
Re: Perl CGI Secure Authentication
by Plankton (Vicar) on Oct 06, 2012 at 03:09 UTC

      Yes, actually there are quite a few ways to authenticate to an Apache server/site.

      On this url: you will find a good explanation of how to set up an Apache website to use something called Radius authentication. There is also Basic (which was already mentioned) along with a few other methods which are typically implemented the same way.

      What will happen when you set up this type of authentication is when the user goes to the website, a dialog box will pop up asking for user id and password. Once that is entered the user will have access to that site from then until they close their browser...

Re: Perl CGI Secure Authentication
by moritz (Cardinal) on Oct 06, 2012 at 10:50 UTC
    I already don't like the idea of using cgi params or cookies

    Cookies are pretty standard. Or you could use HTTP basic authentication.

    But if you want to be secure, you'll have to use HTTPS anyway. And then you can use client-side SSL certificates for authentication. But be warned, compared to cookies they are a pain to create, set up and maintain.
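
An added example, not part of moritz's reply or of the thread: one way to combine the HTTPS requirement above with the restrictive session cookie the question mentions, using CGI::Session. The session directory and the cookie path are assumptions.

```perl
#!/usr/bin/perl
# Added example: CGI::Session behind HTTPS with a restrictive session cookie.
use strict;
use warnings;
use CGI;
use CGI::Cookie;
use CGI::Session;

my $q = CGI->new;

# Refuse to create or read a session over plain HTTP.
# Assumption: the web server sets HTTPS=on for TLS requests (Apache mod_ssl does).
unless (lc($ENV{HTTPS} // '') eq 'on') {
    print $q->header(-status => '403 Forbidden', -type => 'text/plain'),
          "HTTPS required\n";
    exit;
}

# Take the session id from the cookie only. Passing $q to new() would also
# accept a CGISESSID query parameter, which lets a crafted link pick the id.
my $sid = $q->cookie(CGI::Session->name) || undef;

# Assumption: file-backed sessions in a directory readable only by the web user.
my $session = CGI::Session->new('driver:file', $sid,
                                { Directory => '/var/lib/myapp/sessions' })
    or die CGI::Session->errstr;
$session->expire('+30m');    # server-side idle timeout

my $cookie = CGI::Cookie->new(
    -name     => $session->name,   # CGISESSID by default
    -value    => $session->id,
    -path     => '/cgi-bin/',      # assumption: the application lives here
    -secure   => 1,                # sent over HTTPS only
    -httponly => 1,                # not readable from page JavaScript
);
# No -expires: the browser drops the cookie when it is closed.

$session->flush;                   # write session data before responding
print $q->header(-cookie => $cookie, -type => 'text/html; charset=UTF-8');
print "<p>Session established.</p>\n";
```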

Re: Perl CGI Secure Authentication
by nikosv (Chaplain) on Oct 06, 2012 at 13:51 UTC

      and instead go for digest authentication

      Hmm, seems to me it is a proposal for an implementation, but there is no actual implementation anywhere -- in other words, unsupported by anything, i.e. useless

        unsupported by anything, i.e. useless

        What do you mean? Looks like you are missing the point. The paper says that digest authentication was and is here; it just hasn't taken off for usability reasons, and it suggests how to overcome those so it can be considered as a viable alternative to cookies.

        On the contrary, it is very useful, since you cannot disregard the paper's educational and awareness-raising value by going through the pros and cons of each option, which directly answers the OP's question, who is looking for those alternatives.

Re: Perl CGI Secure Authentication
by Anonymous Monk on Oct 06, 2012 at 08:28 UTC
Re: Perl CGI Secure Authentication
by scorpio17 (Abbot) on Oct 08, 2012 at 13:19 UTC
