Msg#: 4319 posted 12:06 am on Dec 14, 2005 (gmt 0)
My web sites rely on apache's .htpasswd files to restrict access to protected pages. I'm rewriting my pages and need a security solution that can be implemented in perl. Can anybody recemmend a place where I can read up on implementing security in the perl/CGI scripts?
My web pages use SSI to call perl scripts which generate dynamic data in certian areas of the page. I need to be able to include security mechanisms into the perl scripts so I don't accidenty allow a non-authorized user to get protected information.
Just looking for some examples of perl-based login routines and how to track the session etc.
Msg#: 4319 posted 12:27 am on Dec 14, 2005 (gmt 0)
Check CPAN. There are many modules that handle this type of thing.
Myself, I rolled my own user authentication object that encapsulates sessions, cookies, userids, database access, etc. It's built upon several available CPAN modules. Then I simply call it wherever I want pages to be password protected.
I'd recommend sticking with .htpasswd type authentication if you can. It's far more robust and comprehensive. Tied in with a database-backed auth mechanism, you should be able to do everything a script-driven authentication mechanism would (session expiries etc) and more. Just my 2 seconds' worth...