Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw

MySQL, PERL and web authentication

by bman (Sexton)
on Jan 10, 2001 at 08:36 UTC ( #50869=perlquestion: print w/replies, xml ) Need Help??

bman has asked for the wisdom of the Perl Monks concerning the following question:

This question is probably not directly related to PERL but because I will be using it, I would like to ask you where I can find some docs that would deal with this subject.

I will be creating MySQL database (nothing serious) with PERL user interface. I also will want to authenticate users via MySQL.

I would greatly appreciate any info on the subject (I am mostly interested in the authentication part, namely, how one goes away from basic authentication and uses MySQL to accomplish that).


Replies are listed 'Best First'.
Re: MySQL, PERL and web authentication
by lhoward (Vicar) on Jan 10, 2001 at 08:46 UTC
    If you're ysing apache you should check out Apache::AuthDBI. It comes with Apache::DBI and provides for authentication against any DBI datasource. It is a breeze to set up too.
Re: MySQL, PERL and web authentication
by wardk (Deacon) on Jan 10, 2001 at 19:42 UTC

    While I haven't used this method with MySQL, I have used (and seen others use) the following method for authentication using an RDBMS.

    Capture the users password, and use Perl's crypt to encrypt it ( I've see the salt stored in the database as well as the salt derived from a standard repeatable function). Store the encrypted password. At login, take the users password as entered and encrypt using the same method. Then compare the two encrypted strings. If they match, let them in. Once nice thing about this method, is that crypt is part of Perl, thus can be portable across platforms.

    I am interested in other methods of doing this, or of any stories from others where this sort of method was insufficient. One scenario I am currently dealing with is an application that uses a set of login tables that have Perl crypted passwords. the app is a Cold Fusion app on NT. They cannot grok the we had to provide a workaround (that's a story for some other node)

    Disclaimer: The above method I mention has only been utilized in either an inside-the-firewall or https connections. If not using encrypted tranmissions or safe behind a firewall, your passwords will be sent in the clear...thus sniffable by the bad guys.

      Rather than use crypt(), I'd recommend thinking about MD5 style hashing for the password encryption. I ++ed this post because of the 'HTTPS' recommendation. In-the-clear passwords protect nothing from the dishonest, they just keep honest people honest.

      $you = new YOU;
      honk() if $you->love(perl)

        I'll have to take a look at MD5 style hashing, thanks for the alternative.

        on the issue of clear transmissions... Due to issues that can only happen in large organizations, we are fighting a move to remove SSL from our single-login system to a straight http configuration... the reason? Users are getting fed up with accepting certificates, and being warned of a redirect (netscape is the standard and this dialog cannot be "turned off") and complaining loudly. I wish I could say I was making this up for a Dilbert/UserFriendly strip, but I am not...they want to remove the security from the security system.

        Next they'll remove the door security because people are growing tired of having to swipe their badges through...arghhhh

        If someone wants to write a Perl module that thwarts stupidity, I'll beta test!

Re: MySQL, PERL and web authentication
by swiftone (Curate) on Jan 10, 2001 at 19:58 UTC
    I'm using mod_auth_mysql to authenticate my users via Basic Authentication and a MySQL database. User and group is then available via my environment variables to my perl scripts (note this is a non-mod_perl solution).

    It's a bit of a pain to install, mainly because the maintainer and primary website has vanished, but the code still works (available from the Mysql site contribs), and it's open source so you can correct it as needed. The trick to installing it is realizing that it wants the _build_ directories for apache and mysql, not the _install_ directories. (Why, I don't know).

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://50869]
Approved by root
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (2)
As of 2020-08-15 17:18 GMT
Find Nodes?
    Voting Booth?
    Which rocket would you take to Mars?

    Results (79 votes). Check out past polls.