[Melbourne-pm] Perl web application framework recommendations
scottp at dd.com.au
Mon Aug 16 17:16:07 CDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
On 16/08/2004, at 11:15 PM, Daniel Pittman wrote:
> On 16 Aug 2004, Paul Fenwick wrote:
>> Tim Hunt wrote:
>>> If you're looking at Template Toolkit, don't ignore HTML::Mason (
>>> http://www.masonhq.com ) used by Monash Uni's portal, Amazon.com and
>>> other fine sites.
>> I can chime in with a vote for HTML::Mason here.
> *nod* It keeps looking tempting, so I guess I should have a whack at
> prototyping my application in it...
Do a quick comparison between HTML::Mason and Template::Tolkit.
They have many outstanding features, but they are not the same.
My preferences is for Template::Toolkit, but like so many things, I
think it is very dependant on the job you are doing, and therefore I
would not push for one over the other unless I knew all the variables
> Unfortunately, this only gives access to the very broken HTTP
> authentication layer which, while useful for small scale work, tends to
> be problematic for real-world applications in my experience.
It isn't as broken as you might think. If you use Digest Auth, there is
no problem with password security. And most browsers these days support
I would actually say that most cookie logins are broken as people are
trying to implement their own authentication. The one thing that Basic
Auth has wrong is clear text passwords. But that is only because you
use HTTP. Even the cookie methods require HTTPS, and in HTTPS even the
Basic Auth passwords are encrypted.
Digest gives you unencrypted HTTP but protected passwords.
> Specifically, the lack of any way to 'log out' of the system and the
> difficulty in implementing any sort of single sign on across servers
> are usually the killers out in the wild.
You can do single sign on. My Basic Auth module looks at headers first
and then decides whether to allow through OR send back a 405.
But sign out is a problem. There is an example Apache module (in Perl)
which does this, but only works on a subset of browsers and relies on
the browser honouring it. So that may be the show stopper for Basic
auth for you.
Have fun with your selections :-)
* - * http://www.osdc.com.au - Open Source Developers Conference * - *
Open source developer
scottp at dd.com.au
Dismaimer: Open sauce usually ends up never coming out (of the bottle).
Please do not send me Word or PowerPoint attachments.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
-----END PGP SIGNATURE-----
More information about the Melbourne-pm