On Thu, Jun 3, 2010 at 1:06 AM, Jerry Kaidor <[email protected]> wrote:
> The next step is to figure out an access control scheme. I have to do
> that up front, because access control is part of the forest of run modes.
> What's the 800-pound gorilla among access control schemes that works well
> with cgiapp?
>
> Right now, I use a couple of things: First, the webserver demands HTTPS
> for the cgi directories. Second, I use basic authentication. I use it
> because somebody else who knew what they were doing wrote it :). Third,
> I use my own login/password screen. When a user logs in, an MD5 hash is
> created off of all the interesting and unique things I could easily
> find. Things like the username, the IP address of his computer, the
> exact time when he logged in, etc etc. The hash is stored in an SQL
> table of sessions, which also includes times of last use. The session
> ID and hash are passed around as CGI parameters and verified for each
> page. A housekeeping cron task ages out unused sessions. There is also
> a system of permissions for each user. As I develop my code I keep
> finding individual actions that are worth adding a permission for.
>
> I am sure that my system is quite broken, and there is much better stuff
> out there :).
>
Hi Jerry,

I use CGI::Application::Plugin::Authentication, with a database backend for storing user info and sessions. The module will handle creating and managing user sessions for you, including configurable session timeouts. It also checks that a user is authorized to see a particular web page (run mode). I've found the module very useful.

You will still need your housekeeping cron job. An example cron job is also here:
http://cgi-app.org/index.cgi?CgiApplicationPluginSessionExample

Working examples of CAP::Authentication:
http://www.perlmonks.org/?node_id=622071
http://docs.google.com/Doc?id=dd363fg9_77gb4hdh7b

For authorization (permissions) have a look at CGI::Application::Plugin::Authorization. (For a project I'm currently working on, I rolled my own (much less feature rich) authorization plugin, to minimize the number of hits to the database).

--
Mark R.

#####  CGI::Application community mailing list  ################
##                                                            ##
##  To unsubscribe, or change your message delivery options,  ##
##  visit:  http://www.erlbaum.net/mailman/listinfo/cgiapp    ##
##                                                            ##
##  Web archive: http://www.erlbaum.net/pipermail/cgiapp/     ##
##  Wiki:        http://cgiapp.erlbaum.net/                   ##
##                                                            ##
################################################################
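One way to wire the plugins Mark names into a cgiapp module, added here as an illustration and not code from the thread or from the modules' own documentation. It assumes a SQLite file `myapp.db` with a `users(name, password)` table whose password column holds an MD5 hex digest (the form the plugin's DBI driver compares against with its `MD5:` filter) plus the sessions table CGI::Session's sqlite driver expects; the run-mode names are made up.

```perl
package MyApp;
use strict;
use warnings;
use base 'CGI::Application';
use CGI::Application::Plugin::Session;
use CGI::Application::Plugin::Authentication;
use DBI;

# Assumed: myapp.db has a users(name, password) table (password = MD5 hex
# digest) plus the sessions table CGI::Session's sqlite driver expects.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=myapp.db', '', '', { RaiseError => 1 } );

# Sessions live in the database so the housekeeping cron job can age out
# stale rows; the session ID travels in a Secure, HttpOnly cookie rather
# than as a CGI parameter.
__PACKAGE__->session_config(
    CGI_SESSION_OPTIONS => [ 'driver:sqlite', undef, { Handle => $dbh } ],
    COOKIE_PARAMS       => { -secure => 1, -httponly => 1 },
    SEND_COOKIE         => 1,
);

# Credentials are checked against the users table; the logged-in state is
# kept in the session and expires after 30 idle minutes or 8 hours total.
__PACKAGE__->authen->config(
    DRIVER => [ 'DBI',
        DBH         => $dbh,
        TABLE       => 'users',
        CONSTRAINTS => {
            'users.name'         => '__CREDENTIAL_1__',
            'MD5:users.password' => '__CREDENTIAL_2__',
        },
    ],
    STORE                 => 'Session',
    LOGIN_RUNMODE         => 'login',
    LOGOUT_RUNMODE        => 'login',
    POST_LOGIN_RUNMODE    => 'home',
    LOGIN_SESSION_TIMEOUT => { IDLE_FOR => '30m', EVERY => '8h' },
);

# Only listed run modes require a login, so 'login' itself stays reachable.
__PACKAGE__->authen->protected_runmodes(qw(home));

sub setup {
    my $self = shift;
    $self->start_mode('home');
    $self->run_modes( login => 'login', home => 'home' );
}

# The plugin renders its own login form, including any failure message.
sub login { my $self = shift; return $self->authen->login_box }

sub home { my $self = shift; return 'Logged in as ' . $self->authen->username }
1;
```

Requests for `home` without a valid session are redirected to the `login` run mode by the plugin's prerun hook, so no per-run-mode session checks are needed in the application code.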
