Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Perl CGI Secure Authentication

by dburke (Novice)
on Oct 06, 2012 at 02:34 UTC ( #997566=perlquestion: print w/replies, xml ) Need Help??

dburke has asked for the wisdom of the Perl Monks concerning the following question:

So, this is my first perl cgi script and I have very basic session management going right now using CGI::Session. My question is what would be a good module to use for user authentication? I would like to focus on security; I already don't like the idea of using cgi params or cookies, but I don't know any better... I'm currently planning on using very restrictive cookies to manage sessions, but that's another issue. Any help is greatly appreciated and if you need any more info I would be happy to supply it. Thank you! (Love this community so far!)

Replies are listed 'Best First'.
Re: Perl CGI Secure Authentication
by Plankton (Vicar) on Oct 06, 2012 at 03:09 UTC

      Yes, actually there are quite a few ways to authenticate to an Apache server/site.

      On this url: you will find a good explanation of how to set up an Apache website to use something called Radius authentication. There is also Basic (which was already mentioned) along with a few other methods which are typically implemented the same way.

      What will happen when you set up this type of authentication is when the user goes to the website, a dialog box will pop up asking for user id and password. Once that is entered the user will have access to that site from then until they close their browser...

Re: Perl CGI Secure Authentication
by moritz (Cardinal) on Oct 06, 2012 at 10:50 UTC
    I already don't like the idea of using cgi params or cookies

    Cookies are pretty standard. Or you could use HTTP basic authentication.

    But if you want to be secure, you'll have to use HTTPS anyway. And then you can client-side SSL certificates for authentication. But be warned, compared to cookies they are a pain to create, set up and maintain.

Re: Perl CGI Secure Authentication
by nikosv (Deacon) on Oct 06, 2012 at 13:51 UTC

      and instead go for digest authentication

      Hmm, seems to me it is a proposal for an implementation, but there is no actual implementation anywhere -- in other words, unsupported by anthing, ie useless

        unsupported by anthing, ie useless

        what do you mean? looks like you are missing the point. The paper says that digest authentication was and is here it just hasn't taken off for usability reasons and suggests how to overcome those so it can be considered as a viable alternative to cookies

        on the contrary it is very usefull since you cannot disregard the paper's educational and awarenes raising value by going through the pros and cons of each option which directly answers the OP's question who is looking for those alternatives

Re: Perl CGI Secure Authentication
by Anonymous Monk on Oct 06, 2012 at 08:28 UTC
Re: Perl CGI Secure Authentication
by scorpio17 (Canon) on Oct 08, 2012 at 13:19 UTC

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://997566]
Approved by Athanasius
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (3)
As of 2022-08-12 23:47 GMT
Find Nodes?
    Voting Booth?

    No recent polls found