[Melbourne-pm] Mod_perl2
Scott Penrose
scottp at dd.com.au
Wed Sep 13 21:15:02 PDT 2006
On 14/09/2006, at 13:43, Daniel Pittman wrote:
>
> Apache also supports FastCGI -- with the original FastCGI module
> and the
> newer (and more free) FCGI module. Both of these give the same
> benefits
> as lighttpd and FastCGI, plus the advantages that mod_perl and other
> Apache modules provide.
>
Nice thing about the above is that even though your code is FastCGI,
as you mentioned you can still use mod_perl, which means we can still
use the filters and auth etc.
This come very much down to if you are writing apache or an application.
For application I see three ways to go:
* Built into Apache - ala PHP, mod_perl etc
* External to Apache - ala FastCGI, straight CGI etc
* Proxy from Apache - ala mod_jk (remote TomCat) and many many others
(usually they have their own internal protocol)
If you want to write Apache - e.g. something that uses Subrequest,
has access to Apache internals, Authentication, Filtering etc -
mod_perl is perfect. If you are writing an app - then I think it
depends - my gut feel is that some form of abstraction is best. e.g.
writing your 'application' in a more portable way, so that it can run
in various forms of the above 3 methods (there are probably more).
An example of an application which should exist (probably) in
mod_perl is things like a File Manager and Gallery - as it is self
referring to internal data - e.g. other images or files.
An example of an application which should not (probably) exist in
mod_perl (except as a performance boost, although you ca also use
FastCGI) - a database application - such as booking system.
NOTE RANT START
I love programming Catalyst for web applications. It is fantastic to
work with.
I really HATE that Catalyst duplicates Apache - authentication,
filtering etc - that SUX BIG !
I REALLY REALLY HATE applications that do their own authentication -
I have never worked on a single one of those types of apps that have
not missed at least one file for auth - with a huge security hole -
This stems so often from the fact that there is some myth that Apache
authentication needs to be basic auth - it can be anything - random
if you like, time of day, cookie, SSL signed certificate - what ever
you like.
It would be nice if you could have auth done via Catalyst in a
"TRUST" way - where you can use a simple Catalyst module for testing
on the command line (Catalyst can run stand alone) but that in Aapche
mode it uses the Apache user method.
NOTE RANT END
Scott
--
* - * http://www.osdc.com.au - Open Source Developers Conference * - *
Scott Penrose
Open source developer
http://linux.dd.com.au/
scottp at dd.com.au
Dismaimer: Open sauce usually ends up never coming out (of the bottle).
Please do not send me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
Microsoft is not the answer. It's the question. And the answer is no.
More information about the Melbourne-pm
mailing list