SPUG: Password Protection?

Aryeh "Cody" Sherr asherr at cs.unm.edu
Mon Dec 4 15:41:27 CST 2000 

there are a few different approaches you can take:

basic authentication. this sends the password in what amounts to plain
text. ok for casual stuff, but people get in if they want. 

basic authentication over https (secure http) connection. better, but you
have to start in secure mode.

md5 digest authentication. this is more secure, and harder to implement.

rfc 2617 is entirely about these 2 forms of http based
authentication/authorization.

application level authentication. the username/password checking is done
by the application. the user logs in through a form, and then a session is
kept through the application about what the user can do and where thay can
go. this should be done over https, or at least through unique session ids
that get passed around, and are asssociated with the user. the sessions
should eventually expire.

hope this is useful.

cody



On Mon, 4 Dec 2000, Martin, Asa wrote:

> > On Mon, 4 Dec 2000, Altman, Brian wrote:
> > > 	I have a Perl/CGI script that allows users to edit a flat file
> > > database on a Unix server. Now I need to secure this script so only
> > > specified users have access to it. Any thoughts on how I can password
> > > protect this script?
> > 
> > Assuming Apache, you could easily setup a .htaccess file to restrict
> > access to that area to specified users/groups.
> > 
> For a good description of how to do this in apache, check out:
> http://www.apacheweek.com/features/userauth
> 
> 
> 
>  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>      POST TO: spug-list at pm.org       PROBLEMS: owner-spug-list at pm.org
>       Subscriptions; Email to majordomo at pm.org:  ACTION  LIST  EMAIL
>   Replace ACTION by subscribe or unsubscribe, EMAIL by your Email-address
>  For daily traffic, use spug-list for LIST ;  for weekly, spug-list-digest
>   Seattle Perl Users Group (SPUG) Home Page: http://www.halcyon.com/spug/
> 
> 
> 


 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     POST TO: spug-list at pm.org       PROBLEMS: owner-spug-list at pm.org
      Subscriptions; Email to majordomo at pm.org:  ACTION  LIST  EMAIL
  Replace ACTION by subscribe or unsubscribe, EMAIL by your Email-address
 For daily traffic, use spug-list for LIST ;  for weekly, spug-list-digest
  Seattle Perl Users Group (SPUG) Home Page: http://www.halcyon.com/spug/

More information about the spug-list mailing list