[Melbourne-pm] Perl web application framework recommendations

Scott Penrose scottp at dd.com.au
Mon Aug 16 17:16:07 CDT 2004


On 16/08/2004, at 11:15 PM, Daniel Pittman wrote:

> On 16 Aug 2004, Paul Fenwick wrote:
>> Tim Hunt wrote:
>>
>>> If you're looking at Template Toolkit, don't ignore HTML::Mason (
>>> http://www.masonhq.com ) used by Monash Uni's portal, Amazon.com and
>>> other fine sites.
>>
>> I can chime in with a vote for HTML::Mason here.
>
> *nod*  It keeps looking tempting, so I guess I should have a whack at
> prototyping my application in it...

Do a quick comparison between HTML::Mason and Template::Toolkit.
They have many outstanding features, but they are not the same.
My preference is for Template::Toolkit, but like so many things, I 
think it is very dependent on the job you are doing, and therefore I 
would not push for one over the other unless I knew all the variables 
:-)

Good luck.

> Unfortunately, this only gives access to the very broken HTTP
> authentication layer which, while useful for small scale work, tends to
> be problematic for real-world applications in my experience.

It isn't as broken as you might think. If you use Digest Auth, there is 
no problem with password security. And most browsers these days support 
Digest.

I would actually say that most cookie logins are broken as people are 
trying to implement their own authentication. The one thing that Basic 
Auth has wrong is clear text passwords. But that is only because you 
use HTTP. Even the cookie methods require HTTPS, and in HTTPS even the 
Basic Auth passwords are encrypted.

Digest gives you unencrypted HTTP but protected passwords.

> Specifically, the lack of any way to 'log out' of the system and the
> difficulty in implementing any sort of single sign on[1] across servers
> are usually the killers out in the wild.

You can do single sign on. My Basic Auth module looks at headers first 
and then decides whether to allow through OR send back a 405.

But sign out is a problem. There is an example Apache module (in Perl) 
which does this, but only works on a subset of browsers and relies on 
the browser honouring it. So that may be the show stopper for Basic 
auth for you.

Have fun with your selections :-)

Scott
-- 
* - *  http://www.osdc.com.au - Open Source Developers Conference * - *
Scott Penrose
Open source developer
http://linux.dd.com.au/
scottp at dd.com.au

Dismaimer: Open sauce usually ends up never coming out (of the bottle).

Please do not send me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
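
[Added example, not part of the original message or of any module it mentions.] The Digest point above ("unencrypted HTTP but protected passwords") shown as server-side verification of an RFC 2617 `Authorization: Digest` header in Python. The function names and the HA1 store layout are assumptions made for illustration, the sample values are the worked example from RFC 2617 section 3.5, and nonce freshness and `nc` replay tracking are left out.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest_header(value):
    """Split 'Digest k="v", k2=v2' into a dict (quoted or bare values)."""
    scheme, _, params = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {k.lower(): (q if q else b) for k, q, b in pairs}

def expected_response(f, method, ha1):
    """Recompute the value the client must have sent in response=."""
    ha2 = md5_hex(f"{method}:{f['uri']}")
    if f.get("qop") == "auth":
        return md5_hex(":".join(
            [ha1, f["nonce"], f["nc"], f["cnonce"], "auth", ha2]))
    return md5_hex(f"{ha1}:{f['nonce']}:{ha2}")  # no qop: RFC 2069 form

def verify(header, method, ha1_store):
    """True only if response= matches what the stored HA1 predicts."""
    try:
        f = parse_digest_header(header)
        ha1 = ha1_store[(f["username"], f["realm"])]
        want = expected_response(f, method, ha1)
    except (KeyError, ValueError):
        return False
    got = f.get("response", "")
    return hmac.compare_digest(want.encode(), got.encode())

# The server keeps HA1 = MD5(user:realm:password), never the password.
# HA1 is still password-equivalent for that realm, so protect the store.
HA1_STORE = {  # sample credentials from the RFC 2617 example
    ("Mufasa", "testrealm@host.com"):
        md5_hex("Mufasa:testrealm@host.com:Circle Of Life"),
}

# Sample header from the RFC 2617 example; the password never appears in it.
SAMPLE_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)

if __name__ == "__main__":
    print(verify(SAMPLE_HEADER, "GET", HA1_STORE))
```

Because the method and URI are hashed into the response, a captured header does not validate for a different method or path; the request body and all other headers are still sent in the clear over plain HTTP.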
