On Tue, Sep 13, 2005 at 09:33:28PM +0200, Dirk Jagdmann wrote:
> I'm currently developing a software which is receiving requests via http
> where username and password are transmitted via HTTP (basic)
> authentication (as base64 encoded string in the HTTP request header).
> The other parameters are transmitted as a GET request, thus encoded into
> the URL of the request.
> 
> I have (yet) not found any way to retrieve the password in my perl
> code. The username is set in the REQUEST_USER environment variable, but
> I did not find out, where I can access the password. Is this possible?

I haven't tried it, but you should just be able to get the Authorization
http header (via the apache request) and base64 decode it, giving you a
'username:password' string.

Of course, Basic Authentication is evil, and should only be used for toy
projects (since it doesn't scale) over HTTPS.

> Or would it be possible if I code a custom Auth Handler (as shown in the
> mod_perl manual) and then store the password somewhere where I can
> access it from my (Emb)perl code?

<plug>

Yep. There are lots of ways to do this - my mod_auth_tkt module:

  http://www.openfusion.com.au/labs/mod_auth_tkt/

is one, providing a drop-in replacement for Basic Authentication, 
apache single-signon, yada yada. You'd typically just store the
encrypted password in the auth ticket data section, which shows
up in the REMOTE_USER_DATA environment variable.

</plug>

Cheers,
Gavin
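
The header decoding suggested in the reply above, as an added example (not part of the original message and not code from mod_auth_tkt). The function name parse_basic_auth and the sample header values are constructed; how the header string is obtained (for instance $r->headers_in->{'Authorization'} under mod_perl 2) is an assumption about the setup.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Parse the value of an HTTP Authorization header carrying Basic credentials.
# Returns (username, password), or an empty list if the header is malformed.
# parse_basic_auth is a hypothetical helper name, not an Apache/mod_perl API.
sub parse_basic_auth {
    my ($header) = @_;
    return unless defined $header;

    # The scheme name is case-insensitive; the credentials are one base64 token.
    # decode_base64() silently skips invalid characters, so validate strictly here.
    my ($b64) = $header =~ m{\A\s*Basic\s+([A-Za-z0-9+/]+={0,2})\s*\z}i
        or return;
    return unless length($b64) % 4 == 0;

    my $decoded = decode_base64($b64);

    # Reject control characters (NUL, CR, LF ...) before the value goes anywhere else.
    return if $decoded =~ /[\x00-\x1f\x7f]/;

    # Split on the FIRST colon only: a password may contain colons, a username may not.
    my ($user, $pass) = split /:/, $decoded, 2;
    return unless defined $pass && length $user;

    return ($user, $pass);
}

# Constructed sample headers (not taken from any real request).
my @samples = (
    'Basic ' . encode_base64('alice:s3cr:et', ''),   # password containing a colon
    'basic ' . encode_base64('bob:', ''),            # empty password, lower-case scheme
    'Basic ' . encode_base64('nocolon', ''),         # malformed: no separator
    'Basic !!!not-base64!!!',                        # malformed: invalid alphabet
    'Digest username="alice"',                       # different scheme
);

for my $h (@samples) {
    my ($user, $pass) = parse_basic_auth($h);
    if (defined $user) {
        # Print only the password length: the cleartext should never reach a log.
        printf "ok       user=%s password_length=%d\n", $user, length $pass;
    } else {
        print "rejected $h\n";
    }
}
```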

