Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

Wise monks,

I have a database application that has two levels of authentication: a standard Apache-based authentication to get into the site in the first place, based on IP addresses kept in httpd.conf and then on an htpasswd file if the IP doesn't work, and then an application-level login, based on checking against a database, saving user info (e.g. access levels) in a server-side session with one-hour expiration, and passing a random session ID in a cookie.

Most of my users do not have write/edit access to the database, just read access. They are also in specific corporate locations with fixed IP addresses. I have recently gotten complaints that it's a pain to have to log in all the time to use the database--this should, people think, be necessary only for people making changes.

What would be the best way to set up authentication on this basis? I'm imagining that anyone without a cookie then has their IP address via $ENV{REMOTE_ADDR} checked against a list, and setting a cookie with read-level permissions. Anyone needing a higher access level could go to a login page that will ignore the IP authentication when setting the cookie.

Is this sensible, and secure? Are there other modules or procedures that would be a better way of handling this? And is there any easy way to avoid duplicating the IP list between httpd.conf and the program? There are a number of different access levels stored in a database, it's not just a simple yes or no.

Thank you for any advice.


In reply to Mixing IP and password authentication by jest

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (2)
As of 2022-05-17 00:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Do you prefer to work remotely?



    Results (65 votes). Check out past polls.

    Notices?