Scott Chapman wrote:
>
> Neil,
> Thanks for the tip.

Aye! That's a nice way of doing it.

> I'm already using Embperl Object quite a bit
> and intend to use it more. Putting things in subs.epl is an option
> I'm using for some things but I don't want to put basically my entire
> modular site into subs.epl files.

He wasn't suggesting that you do this -- only put your authentication stuff into subs.epl.

> You hit it right on the head when you said I want it to be
> transparent. This stateless environment is a continued amazement
> to me. It's a wonder so much is being done with it when it has
> such design flaws. Clearly, it is being used in ways it was not
> designed for. The more modular it can be made the better for
> everyone involved (in development anyway!).
>
> Cordially,
> Scott
>
> Neil wrote:
> > Of course what you are looking for is a way to make all this
> > transparent, which I can understand. But just throwing an idea out
> > there.

There is another alternative to transparent authentication and authorization that we use all the time.

Follow Chapter 6 [1] of the mod_perl book [2], and write an Apache::MyAuth handler that does the authentication/authorization. This module would be written in pure Perl. If the user is not logged in, use HTML::Embperl::Execute to call your header.html/loginform.html/footer.html, and return OK. If they are logged in, return DECLINED so that the page can be loaded.

This mod_perl handler would be compiled at server startup time, and run *before* every request that you specify. I.e., add it into httpd.conf/.htaccess via:

    PerlAccessHandler Apache::MyAuth

While the EmbperlObject solution is a nice way of doing it if you don't feel like writing a mod_perl handler, I prefer this method. The handler can be run before any request: plain CGI scripts, static HTML, images, other handlers, whatever. If the login fails, the page isn't executed. I find it a lot more reliable as well -- it's easier to add a bug in the individual base.epl or subs.epl.

If you want to get fancy, you can use PerlSetVar, so that you can control the authentication system (on/off, which users/groups, etc.) on a per-directory/per-file basis.

My last version of this used Apache::Session to store whether they were logged in or not... this means that the auth handler can use the same sessioning system as Embperl for maintaining state.

Just some more ideas... my $0.03 CDN.

1. http://www.modperl.com/book/chapters/ch6.html
2. http://www.modperl.com

--
Regards,
Wim Kerkhoff, Software Engineer
Merilus, Inc. -|- http://www.merilus.com
Email: [EMAIL PROTECTED]
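
Added example, not part of the original message or the mod_perl book: a sketch of the access handler described above, for mod_perl 1.x. The PerlSetVar names, the `logged_in` session key, and the cookie name and id format are assumptions; it returns DONE after sending the login page so the content phase does not run for that request.

```perl
package Apache::MyAuth;
# Added sketch for mod_perl 1.x (not code from this thread). httpd.conf:
#   <Location /members>
#     PerlAccessHandler Apache::MyAuth
#     PerlSetVar MyAuthEnabled    on                 # hypothetical names
#     PerlSetVar MyAuthSessionDir /var/tmp/sessions  # placeholder paths
#     PerlSetVar MyAuthLoginDir   /www/login
#   </Location>
use strict;
use Apache::Constants qw(DECLINED DONE);
use Apache::Session::File ();
use HTML::Embperl ();

sub handler {
    my $r = shift;
    return DECLINED if lc($r->dir_config('MyAuthEnabled') || 'on') eq 'off';
    return DECLINED if logged_in($r);    # let the request proceed

    # Not logged in: render the login pages into a buffer and send that instead.
    my $dir  = $r->dir_config('MyAuthLoginDir');
    my $html = '';
    for my $page (qw(header.html loginform.html footer.html)) {
        my $part = '';
        HTML::Embperl::Execute({ inputfile => "$dir/$page",
                                 output    => \$part,
                                 req_rec   => $r });
        $html .= $part;
    }
    $r->content_type('text/html');
    $r->no_cache(1);                     # keep the login page out of caches
    $r->send_http_header;
    $r->print($html);
    return DONE;    # stop here so the content phase never runs for this request
}

sub logged_in {
    my $r = shift;
    # Assumed cookie name and id format; the strict pattern keeps odd ids out
    # of the file-backed session store.
    my ($sid) = ($r->header_in('Cookie') || '') =~ /\bEMBPERL_UID=([0-9a-f]{32})\b/
        or return 0;
    my %session;
    my $ok = eval {    # Apache::Session dies on an unknown id: fail closed
        my $d = $r->dir_config('MyAuthSessionDir');
        tie %session, 'Apache::Session::File', $sid,
            { Directory => $d, LockDirectory => $d };
        $session{logged_in} ? 1 : 0;     # hypothetical key set by the login code
    };
    untie %session;
    return $ok || 0;
}
1;
```

The code that processes the submitted login form has to live outside the protected location, otherwise this handler answers it with the login page again.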
