Thanks Perrin for the reply.
I have seen some mods out there that sound like they will do what I want but
as of yet I have not found any god examples of them. I'm one of those people
who really needs to see a working practical use of the application as the
perldocs tend to be a bit ambiguous to me.
Also what is HMAC?
-Alexander
Perrin Harkins wrote:
>
> On Nov 26, 2007 6:12 PM, Alexander Burrows <[EMAIL PROTECTED]> wrote:
>> Alright I have been sitting on the side lines of learning anything new
>> about
>> mod_perl for too long. So I hope I've come to the right place to get
>> brushed
>> up on things.
>
> You have. Welcome!
>
> I don't write a lot of auth handlers, but here are some quick
> observations on your code:
>
>> sub handler {
>> my $r = Apache::Request->new(shift);
>>
>> my $cookie = Apache::Cookie->fetch();
>>
>> my %auth = $cookie->{'auth'}->value();
>>
>> unless ( $auth{'id'} ) {
>> $r->headers_out->set(Location => '/sys-bin/login.cgi');
>> $r->status(REDIRECT);
>
> Make sure you imported the REDIRECT constant.
>
>> return REDIRECT;
>> exit 1;
>
> Don't use exit in mod_perl. You don't want to shut down the web server.
>
> I assume you're using apache 1.3 here, because you didn't use
> Apache2::Cookie.
>
> You will eventually want to do more with the cookie to verify that it
> came from you. Usually people use some kind of HMAC for this.
>
> Also, while I applaud your interest in learning to write custom auth
> code, your needs sound pretty simple, and I bet you could use an
> existing apache module for this.
>
> - Perrin
>
>
--
View this message in context:
http://www.nabble.com/Auth-Question-need-some-input-tf4878626.html#a13984614
Sent from the mod_perl - General mailing list archive at Nabble.com.
