Hey Mark -- > Jesse has written on a number occassions about the merits of handling > authentication for web applications at a level seperate from the > application logic. While this system appealed to me, I could see how it > do it without using mod_perl. Today I ran across another possible > solution, The Apache mod_auth_pg module. It allows you to tie .htaccess > files into a Postgres database to handle user authentication.
The "mod_auth_pg" module works *exactly* in the same fashion as I recommend. This module is an Apache handler written in C. A similar Apache handler, written in Perl, is "Apache::AuthCookieDBI". Apache::AuthCookieDBI also has the capability to connect to *any* database -- not just PostgreSQL. It is important to note that both modules, mod_auth_pg and Apache::AuthCookieDBI, function in EXACTLY the same way even though they are written in two different languages. They are both Apache handlers which tie into the Authentication and Authorization phases of the Apache request. Both of them use the Apache API. Apache::AuthCookieDBI accesses that API via mod_perl, and mod_auth_pg accesses that API directly -- but the code is strikingly similar. For instance, to actually set the user name, here is how the respective handlers perform the task: mod_auth_pg: conn_rec *c = r->connection; c->user = str; Apache::AuthCookieDBI (via Apache::AuthCookie): $r->connection->user($auth_user); Apache::AuthCookieDBI is hardly the only CPAN-based module which performs this task. When I do a search on CPAN for /Apache::.*Auth/ I get **51** modules! I would bet that there are even better modules which do exactly what you want. In addition, it would not be hard to write your own Auth* module. Using Apache and mod_perl, you could write a simple Auth handler which implements all the functionality of mod_auth_pg, with ease. The mod_auth_pg.c code is about 500 lines. Based on the functionality, I would bet you could replace all that functionality in about 100-200 lines of Perl code. (It is a *very* simple module!) I'm not trying to talk you out of using mod_auth_pg! I just want to make sure that everybody understands that what mod_auth_pg is doing is exactly what mod_perl is intended to allow you to do in Perl. Naturally, C code will run faster than Perl code, but I think it is a valuable lesson to write the module in Apache/mod_perl in order to better understand how Apache works, and as a result, how web-based Authentication and Authorization works. The performance in Perl can be excellent, and only a very highly-vistited site would absolutly require Auth* rewrite in C. And if the time comes when you need the added performance of C, your Perl Auth* module often translates line-for-line into it because of the common Apache API. A Perl Apache handler will take you quite far. TTYL, -Jesse- --------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/cgiapp@lists.vm.com/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]