Hey Mark --

> Jesse has written on a number of occasions about the merits of handling
> authentication for web applications at a level separate from the
> application logic. While this system appealed to me, I could see how it
> do it without using mod_perl. Today I ran across another possible
> solution, the Apache mod_auth_pg module. It allows you to tie .htaccess
> files into a Postgres database to handle user authentication.


The "mod_auth_pg" module works *exactly* in the same fashion as I recommend.

This module is an Apache handler written in C.  A similar Apache handler,
written in Perl, is "Apache::AuthCookieDBI".  Apache::AuthCookieDBI also has
the capability to connect to *any* database -- not just PostgreSQL.

It is important to note that both modules, mod_auth_pg and
Apache::AuthCookieDBI, function in EXACTLY the same way even though they are
written in two different languages.  They are both Apache handlers which tie
into the Authentication and Authorization phases of the Apache request.
Both of them use the Apache API.  Apache::AuthCookieDBI accesses that API
via mod_perl, and mod_auth_pg accesses that API directly -- but the code is
strikingly similar.  For instance, to actually set the user name, here is
how the respective handlers perform the task:

mod_auth_pg:

    conn_rec *c = r->connection;
    c->user = str;


Apache::AuthCookieDBI (via Apache::AuthCookie):

    $r->connection->user($auth_user);


Apache::AuthCookieDBI is hardly the only CPAN-based module which performs
this task.  When I do a search on CPAN for /Apache::.*Auth/ I get **51**
modules!  I would bet that there are even better modules which do exactly
what you want.

In addition, it would not be hard to write your own Auth* module.  Using
Apache and mod_perl, you could write a simple Auth handler which implements
all the functionality of mod_auth_pg, with ease.  The mod_auth_pg.c code is
about 500 lines.  Based on the functionality, I would bet you could replace
all that functionality in about 100-200 lines of Perl code.  (It is a *very*
simple module!)


I'm not trying to talk you out of using mod_auth_pg!  I just want to make
sure that everybody understands that what mod_auth_pg is doing is exactly
what mod_perl is intended to allow you to do in Perl.  Naturally, C code
will run faster than Perl code, but I think it is a valuable lesson to write
the module in Apache/mod_perl in order to better understand how Apache
works, and as a result, how web-based Authentication and Authorization
works.  The performance in Perl can be excellent, and only a very
highly-visited site would absolutely require an Auth* rewrite in C.  And if the
time comes when you need the added performance of C, your Perl Auth* module
often translates line-for-line into it because of the common Apache API.  A
Perl Apache handler will take you quite far.


TTYL,

-Jesse-
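
An added example, not part of the original post and not code from mod_auth_pg or Apache::AuthCookieDBI: a minimal mod_perl 1.x authentication-phase handler of the kind the message describes, checking HTTP Basic credentials against a database through DBI. The package name, the AuthDBI_* PerlSetVar names and the users table with its username and passwd columns are assumptions made for illustration.

```perl
package My::AuthDBI;    # hypothetical module name
use strict;
use warnings;
use Apache::Constants qw(OK AUTH_REQUIRED SERVER_ERROR);
use DBI ();

# Authentication-phase handler (mod_perl 1.x API).
sub handler {
    my $r = shift;

    # Parse the Authorization header; a non-OK status is returned unchanged.
    my ($status, $sent_pw) = $r->get_basic_auth_pw;
    return $status unless $status == OK;

    # After get_basic_auth_pw the user name is on the connection record,
    # the same field both snippets in the message above assign to.
    my $user = $r->connection->user;
    return deny($r, 'empty user name or password')
        unless defined $user && length $user
            && defined $sent_pw && length $sent_pw;

    # Assumed settings, supplied with PerlSetVar in the server configuration.
    my $dbh = DBI->connect(
        $r->dir_config('AuthDBI_DSN'),
        $r->dir_config('AuthDBI_User'),
        $r->dir_config('AuthDBI_Pass'),
        { RaiseError => 0, PrintError => 0 },
    );
    unless ($dbh) {
        $r->log_error('My::AuthDBI: database connection failed');
        return SERVER_ERROR;    # fail closed when the database is down
    }

    # Placeholder binding keeps the user name out of the SQL text.
    my ($stored) = $dbh->selectrow_array(
        'SELECT passwd FROM users WHERE username = ?', undef, $user);
    my $db_error = $dbh->err;
    $dbh->disconnect;
    return SERVER_ERROR if $db_error;

    # The stored value is a crypt(3) hash; it doubles as the salt argument.
    return deny($r, "unknown user $user") unless defined $stored && length $stored;
    my $hash = crypt($sent_pw, $stored);
    return deny($r, "password mismatch for $user")
        unless defined $hash && $hash eq $stored;
    return OK;
}

sub deny {    # log the reason (never the password) and re-issue the challenge
    my ($r, $why) = @_;
    $r->note_basic_auth_failure;
    $r->log_reason($why, $r->uri);
    return AUTH_REQUIRED;
}
1;
```

To use it, the protected location needs AuthType Basic, an AuthName, a require valid-user line and PerlAuthenHandler My::AuthDBI, plus the three PerlSetVar settings.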


---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/cgiapp@lists.vm.com/