Re: Newbie question-- Perl pw authentication without pop-up prompt
nobull_at_mail.com
Date: 04/23/04
- Next message: Mike O'Leary: "Re: Newbie question-- Perl pw authentication without pop-up prompt"
- Previous message: Joe Smith: "Re: Error downloading page, some pages work great but cant seem to get this one"
- In reply to: Mike O'Leary: "Newbie question-- Perl pw authentication without pop-up prompt"
- Next in thread: Mike O'Leary: "Re: Newbie question-- Perl pw authentication without pop-up prompt"
- Reply: Mike O'Leary: "Re: Newbie question-- Perl pw authentication without pop-up prompt"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 23 Apr 2004 10:16:00 -0700
Mike O'Leary <mike@muchsarcasm.com> wrote in message news:<4087D534.7010109@muchsarcasm.com>...
> Hello, forgive me if this is the worng group
This newsgroup does not exist. It is definitely the wrong group in
all cases. Even if it did exist it would probablty be wrong.
> My boss is looking to
> password protect certain areas of the server, but with the following
> stipulation: The username and password must be entered in a form, and
> not using the standard .htaccess pop-up window. He's specifically
> looking for either of the following:
>
> 1) A perl script that utilizes the .htaccess protections of the
> company's Apache server, but doesn't bring up the pop-up password box.
>
> 2) Something that completely foregoes .htaccess, but still provides
> similar protection using a login page.
>
> So far we've tried a program called Locked Area Lite, which is an
> excellent program that did exactly what we needed except for one
> problem: A change from Internet Explorer 5 to Internet Explorer 6 has
> eliminated the method that Locked Area used to send the password via an
> html page.
>
> We also have a copy of the Cgi-Perl Cookbook, which has a script called
> authenticate.cgi, but it never seemed to work.
CGI is the wrong tool is you want Apache to serve up regular static
content but want to hook in to the authentication phase. You probably
should use a cookie-based authentication module for Apache mod_perl
e.g. Apache::AuthCookie.
If you don't want to be cookie dependant there's also
Apache::AuthCookieURL but it strikes me that it would be better to
require cookies. After all this is precisely why cookies exist.
> I've checked through groups.google.com and have sifted through numerous
> posts but none of which have given us a solution.
>
> Also, in your opinion, is a perl/cgi based authentication setup secure.
> I've seen a few newsgroup posts that hint it's not as effective as
> .htaccess,
That would depend on many factors. So long as access (other than web
access) to your web server is restricted to trusted persons then all
authentication schemes that involve transmitting a plain-text
equivalent password are as strong or as weak as the tranmission
channel.
- Next message: Mike O'Leary: "Re: Newbie question-- Perl pw authentication without pop-up prompt"
- Previous message: Joe Smith: "Re: Error downloading page, some pages work great but cant seem to get this one"
- In reply to: Mike O'Leary: "Newbie question-- Perl pw authentication without pop-up prompt"
- Next in thread: Mike O'Leary: "Re: Newbie question-- Perl pw authentication without pop-up prompt"
- Reply: Mike O'Leary: "Re: Newbie question-- Perl pw authentication without pop-up prompt"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
