Posted to modperl@perl.apache.org by Patrick Galbraith <pa...@mysql.com> on 2006/11/26 19:36:55 UTC
User Authentication questions
Hi All,
I'm in the process of trying to get this PerlTransHandler which does a
redirect back to the handler in such a way that once they log in,
instead of "/handler/" being the URI, it becomes "/handler/username".
I'm able to get a simple version of this, just for proof of concept,
that takes input from a form value called "op", and redirects
"/handlername/" to "/handlername/edit" for instance, if "op" is equal to
"edit". That works. So, the next step is to get the username, but _only_
if the user is logged in.
Currently, I have the main application handler do authentication simply
by checking username and password to the database (md5 hex of the
password) and if it matches, set a session cookie, which for every
subsequent operation is checked, and if set, the user is seen as logged in.
My PerlTransHandler that I wrote runs much earlier than the primary
application handler, and I then thought "should this handle the
authentication", then reading even further, should I move authentication
to a PerlAuthenHandler (?). I would still want to use my login page (not
the login dialogue you obtain using .htpassword). Having not coded
mod_perl apps in a while, but remember somewhere that this is pretty
easy to do, I'm wondering if this is indeed a good idea.
Any thoughts, suggestions on how I should implement this? Any links to
info on how to do this (other than what I've found via google) would be
appreciated.
Also, another question. I am coding this so it will work on a number of
apache/mod_perl versions, which includes allowing it to run using CGI,
which I've found using PerlTransHandler requires me to set
PerlOptions +GlobalRequest
to my httpd-perl.conf. What are the repercussions for using this setting?
Thanks in advance!
Patrick
--
Patrick Galbraith, Senior Systems Engineer
MySQL AB, www.mysql.com
Satyam Eva Jayate - Truth Alone Triumphs
Mundaka Upanishad
Re: User Authentication questions
Posted by Frank Wiles <fr...@wiles.org>.
On Mon, 27 Nov 2006 16:36:17 -0800
"Philip M. Gollucci" <pg...@p6m7g8.com> wrote:
> Frank Wiles wrote:
> > Oh and yes, you can use your own login forms with these.
> (Custom AAA Handlers)
>
> I don't think this is a widely known fact, so I'm resending it to emphasize
> it.
>
> It would be nice to mention or emphasize this in the docs -- Hint
> Hint.
Sounds good, I'll add some more to the docs to emphasize that
and maybe an example if I have time.
---------------------------------
Frank Wiles <fr...@wiles.org>
http://www.wiles.org
---------------------------------
Re: User Authentication questions
Posted by "Philip M. Gollucci" <pg...@p6m7g8.com>.
Patrick Galbraith wrote:
> ps. I checked out the mod_perl docs from svn, and most of them seem to
> be pod. What is the nice trick to getting them in html format?
http://perl.apache.org/download/docs.html
build the site.
If you only want the html version, you can skip most of the prereqs
though DocSet is definitely required.
--
------------------------------------------------------------------------
Philip M. Gollucci (pgollucci@p6m7g8.com) 323.219.4708
Consultant / http://p6m7g8.net/Resume/resume.shtml
Senior Software Engineer - TicketMaster - http://ticketmaster.com
1024D/A79997FA F357 0FDD 2301 6296 690F 6A47 D55A 7172 A799 97F
I never had a dream come true
'Til the day that I found you.
Even though I pretend that I've moved on
You'll always be my baby.
I never found the words to say
You're the one I think about each day
And I know no matter where life takes me to
A part of me will always be...
A part of me will always be with you.
Re: User Authentication questions
Posted by Patrick Galbraith <pa...@mysql.com>.
Philip M. Gollucci wrote:
> Frank Wiles wrote:
>
>> Oh and yes, you can use your own login forms with these.
>
> (Custom AAA Handlers)
>
> I don't think this is a widely known fact, so I'm resending it to emphasize it.
>
> It would be nice to mention or emphasize this in the docs -- Hint Hint.
>
>
Hi again,
I have an idea in my head how I might implement this, but are there any
pre-baked code snippets I could glean from?
Also, with user authentication at this stage, what keeps track of
whether a user is logged in or not, and is it on the server or client?
Can one set cookies at this stage?
Thanks!
Patrick
ps. I checked out the mod_perl docs from svn, and most of them seem to
be pod. What is the nice trick to getting them in html format?
--
Patrick Galbraith, Senior Systems Engineer
MySQL AB, www.mysql.com
Satyam Eva Jayate - Truth Alone Triumphs
Mundaka Upanishad
Re: User Authentication questions
Posted by "Philip M. Gollucci" <pg...@p6m7g8.com>.
Frank Wiles wrote:
> Oh and yes, you can use your own login forms with these.
(Custom AAA Handlers)
I don't think this is a widely known fact, so I'm resending it to emphasize it.
It would be nice to mention or emphasize this in the docs -- Hint Hint.
--
------------------------------------------------------------------------
Philip M. Gollucci (pgollucci@p6m7g8.com) 323.219.4708
Consultant / http://p6m7g8.net/Resume/resume.shtml
Senior Software Engineer - TicketMaster - http://ticketmaster.com
1024D/A79997FA F357 0FDD 2301 6296 690F 6A47 D55A 7172 A799 97F
Re: User Authentication questions
Posted by Frank Wiles <fr...@wiles.org>.
On Sun, 26 Nov 2006 13:36:55 -0500
Patrick Galbraith <pa...@mysql.com> wrote:
> Hi All,
>
> I'm in the process of trying to get this PerlTransHandler which does
> a redirect back to the handler in such a way that once they log in,
> instead of "/handler/" being the URI, it becomes "/handler/username".
> I'm able to get a simple version of this, just for proof of concept,
> that takes input from a form value called "op", and redirects
> "/handlername/" to "/handlername/edit" for instance, if "op" is equal
> to "edit". That works. So, the next step is to get the username, but
> _only_ if the user is logged in.
>
> Currently, I have the main application handler do authentication
> simply by checking username and password to the database (md5 hex of
> the password) and if it matches, set a session cookie, which for
> every subsequent operation is checked, and if set, the user is seen
> as logged in.
>
> My PerlTransHandler that I wrote runs much earlier than the primary
> application handler, and I then thought "should this handle the
> authentication", then reading even further, should I move
> authentication to a PerlAuthenHandler (?). I would still want to use
> my login page (not the login dialogue you obtain using .htpassword).
> Having not coded mod_perl apps in a while, but remember somewhere
> that this is pretty easy to do, I'm wondering if this is indeed a
> good idea.
You'll definitely want to use PerlAuth*Handlers here. That's what
they are there for. Also, if you want to make things simple you
can just set $r->user() to the username and then it is available
to all of your other phases, just like BasicAuth.
Oh and yes, you can use your own login forms with these.
> Also, another question. I am coding this so it will work on a number
> of apache/mod_perl versions, which includes allowing it to run using
> CGI, which I've found using PerlTransHandler requires me to set
>
> PerlOptions +GlobalRequest
>
> to my httpd-perl.conf. What are the repercussions for using this
> setting?
It basically turns SetHandler mod_perl into half of SetHandler
perl-script, giving you access to the Apache request object
from wherever, but not bothering to set up %ENV, which is a
slowdown if you don't use it.
---------------------------------
Frank Wiles <fr...@wiles.org>
http://www.wiles.org
---------------------------------
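
An added example, not code from any poster in this thread: one way a mod_perl 2 PerlAuthenHandler can check a session cookie issued by a custom login form and set $r->user() as suggested above. The module name My::AuthCookie, the SessionSecret variable, the /login URL and the cookie layout are all assumptions made for illustration.

```perl
package My::AuthCookie;            # hypothetical module name
use strict;
use warnings;
use Apache2::RequestRec ();        # $r->user, $r->headers_in, $r->headers_out
use Apache2::RequestUtil ();       # $r->dir_config
use APR::Table ();                 # ->set on header tables
use Apache2::Const -compile => qw(OK REDIRECT SERVER_ERROR);
use Digest::SHA qw(hmac_sha256_hex);

# Assumed httpd.conf for the protected <Location> (the login form itself
# must live outside it, or the redirect below loops):
#   PerlAuthenHandler My::AuthCookie
#   PerlSetVar SessionSecret "<long random value>"
#   AuthType Custom
#   AuthName "app"
#   Require valid-user             # needed so the authen phase runs at all
# Assumed cookie, issued by the login form handler after the password check:
#   session=<username>:<expiry epoch>:<hex HMAC-SHA256 of "username:expiry">

sub verify_session {
    my ($cookies, $secret, $now) = @_;
    my ($user, $exp, $mac) = ($cookies // '') =~
        /(?:^|;\s*)session=([A-Za-z0-9_]{1,32}):(\d{1,12}):([0-9a-f]{64})(?:;|$)/
        or return;
    return if $exp < $now;                         # expired session
    my $want = hmac_sha256_hex("$user:$exp", $secret);
    my $diff = 0;                                  # compare every byte, no early exit
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. 63;
    return $diff == 0 ? $user : undef;
}

sub handler {
    my $r = shift;
    my $secret = $r->dir_config('SessionSecret');
    return Apache2::Const::SERVER_ERROR            # fail closed if unconfigured
        unless defined $secret && length $secret;
    my $user = verify_session($r->headers_in->{Cookie}, $secret, time);
    if (defined $user) {
        $r->user($user);                           # visible to all later phases
        return Apache2::Const::OK;
    }
    $r->headers_out->set(Location => '/login');    # hypothetical login form URL
    return Apache2::Const::REDIRECT;
}

1;
```

Because the username is covered by the HMAC, a client cannot edit the cookie to become another user without the server-side secret; the login state lives in the client's cookie, and the server only holds the key.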