Protecting a perl program
Tkil
tkil-sdpm at scrye.com
Fri May 17 01:16:35 CDT 2002
~sdpm~
>>>>> "Joel" == Joel Fentin <joel at fentin.com> writes:
Joel> 1. Is there a *standard* way of requiring user name & password
Joel> before I let someone run a perl program on the www?
There are multiple ways of doing it; no one way is standard, because
there's no one definition of when someone is authorized.
Authentication can be done by the HTTP server and/or by your code.
Joel> 2. Do I put an .htpasswd file in the cgi-bin directory? This (if
Joel> it works) carries the disadvantage that all programs in that
Joel> directory require UN & PW.
If you're using apache, you typically use .htaccess files in the live
areas (or in your httpd.conf); the .htuser and .htgroup files are
typically outside the served document tree, so there is no chance at
all that anyone could download them.
.htpasswd might be a new feature I'm not familiar with. But I've
never heard of it before.
Joel> 3. Or do I code the protection right into the program?
You can.
Joel> 4. Or some other way?
See:
http://www.perl.org/CGI_MetaFAQ.html#security
For lots more information.
t.
~sdpm~
The posting address is: san-diego-pm-list at hfb.pm.org
List requests should be sent to: majordomo at hfb.pm.org
If you ever want to remove yourself from this mailing list,
you can send mail to <majordomo at happyfunball.pm.org> with the following
command in the body of your email message:
unsubscribe san-diego-pm-list
If you ever need to get in contact with the owner of the list,
(if you have trouble unsubscribing, or have questions about the
list itself) send email to <owner-san-diego-pm-list at happyfunball.pm.org> .
This is the general rule for most mailing lists when you need
to contact a human.
More information about the San-Diego-pm
mailing list