[Melbourne-pm] Mod_perl2

Scott Penrose scottp at dd.com.au
Wed Sep 13 21:15:02 PDT 2006


On 14/09/2006, at 13:43, Daniel Pittman wrote:

>
> Apache also supports FastCGI -- with the original FastCGI module and the
> newer (and more free) FCGI module.  Both of these give the same benefits
> as lighttpd and FastCGI, plus the advantages that mod_perl and other
> Apache modules provide.
>

Nice thing about the above is that even though your code is FastCGI,  
as you mentioned you can still use mod_perl, which means we can still  
use the filters and auth etc.

This comes very much down to whether you are writing Apache or an application.

For application I see three ways to go:

* Built into Apache - ala PHP, mod_perl etc
* External to Apache - ala FastCGI, straight CGI etc
* Proxy from Apache - ala mod_jk (remote Tomcat) and many many others  
(usually they have their own internal protocol)

If you want to write Apache - e.g. something that uses Subrequest,  
has access to Apache internals, Authentication, Filtering etc -  
mod_perl is perfect. If you are writing an app - then I think it  
depends - my gut feel is that some form of abstraction is best. e.g.  
writing your 'application' in a more portable way, so that it can run  
in various forms of the above 3 methods (there are probably more).

An example of an application which should exist (probably) in  
mod_perl is things like a File Manager and Gallery - as it is self  
referring to internal data - e.g. other images or files.

An example of an application which should not (probably) exist in  
mod_perl (except as a performance boost, although you can also use  
FastCGI) - a database application - such as a booking system.

NOTE RANT START

I love programming Catalyst for web applications. It is fantastic to  
work with.

I really HATE that Catalyst duplicates Apache - authentication,  
filtering etc - that SUX BIG !

I REALLY REALLY HATE applications that do their own authentication -  
I have never worked on a single one of those types of apps that have  
not missed at least one file for auth - with a huge security hole -  
This stems so often from the fact that there is some myth that Apache  
authentication needs to be basic auth - it can be anything - random  
if you like, time of day, cookie, SSL signed certificate - whatever  
you like.

It would be nice if you could have auth done via Catalyst in a  
"TRUST" way - where you can use a simple Catalyst module for testing  
on the command line (Catalyst can run stand alone) but that in Apache  
mode it uses the Apache user method.

NOTE RANT END

Scott
-- 
* - *  http://www.osdc.com.au - Open Source Developers Conference * - *
Scott Penrose
Open source developer
http://linux.dd.com.au/
scottp at dd.com.au

Dismaimer: Open sauce usually ends up never coming out (of the bottle).

Please do not send me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Microsoft is not the answer. It's the question. And the answer is no.
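
The "TRUST" arrangement described in the rant above, as an added example that is not part of the original post or of Catalyst: Apache performs the authentication and the application only reads the resulting `REMOTE_USER`, with a separate identity source for stand-alone test runs. The names `authenticated_user`, `dispatch` and `APP_TEST_USER` are hypothetical, and the environment is assumed to be a CGI/FastCGI-style hash.

```perl
#!/usr/bin/perl
# Added example: the application trusts the web server's authentication
# result instead of implementing its own login checks per page.
use strict;
use warnings;

# Hypothetical helper. $env is a CGI/FastCGI-style environment hash;
# $standalone is true only when the app runs outside Apache (test runs).
sub authenticated_user {
    my ($env, $standalone) = @_;

    if ($standalone) {
        # Test mode: identity comes from an explicit (hypothetical)
        # APP_TEST_USER setting, never from request data.
        my $u = $env->{APP_TEST_USER};
        return (defined $u && length $u) ? $u : undef;
    }

    # Server mode: Apache sets REMOTE_USER once its own auth phase has
    # succeeded, whatever mechanism (basic, cookie, client certificate)
    # is configured. HTTP_* entries are request headers chosen by the
    # client, so they are never consulted here.
    my $u = $env->{REMOTE_USER};
    return (defined $u && length $u) ? $u : undef;
}

# One gate in front of every handler, so no single page can be missed.
sub dispatch {
    my ($env, $standalone, $handler) = @_;
    my $user = authenticated_user($env, $standalone);
    return [403, "Forbidden\n"] unless defined $user;
    return [200, $handler->($user)];
}

# Constructed sample requests.
my $booking = sub { "bookings for $_[0]\n" };
my @cases = (
    ['authenticated by Apache',         { REMOTE_USER      => 'alice'  }, 0],
    ['client-supplied header only',     { HTTP_REMOTE_USER => 'admin'  }, 0],
    ['stand-alone test run',            { APP_TEST_USER    => 'tester' }, 1],
    ['test variable set, under Apache', { APP_TEST_USER    => 'tester' }, 0],
);
for my $c (@cases) {
    my ($label, $env, $standalone) = @$c;
    my $res = dispatch($env, $standalone, $booking);
    printf "%-32s -> %d %s", $label, $res->[0], $res->[1];
}
```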



