[Melbourne-pm] Perl web application framework recommendations

Paul Fenwick pjf at perltraining.com.au
Mon Aug 16 22:24:23 CDT 2004


Howdy from sunny BrisVegas,

Daniel Pittman wrote:

>>As for authentication, keep in mind that apache lets you set a 
>>PerlAuthHandler and a PerlAccessHandler (and a few more), that you can
>>use independently to whatever you have generating your content.  
> 
> Unfortunately, this only gives access to the very broken HTTP
> authentication layer which, while useful for small scale work, tends to
> be problematic for real-world applications in my experience.
> 
> Specifically, the lack of any way to 'log out' of the system and the
> difficulty in implementing any sort of single sign on[1] across servers
> are usually the killers out in the wild.

You want to have cookie-based authentication tokens?  No problemo!  The 
PerlAccessHandler gives you this opportunity.  You've got the request 
(and any cookies associated with it), and if you find them acceptable 
you can accept the request.  If they're not, generate a redirect to the 
login page, and you're done.  Obviously you always want to allow people 
to hit the login page.

Even better, this is an example in the mod_perl book, and the sample 
chapter is freely available on-line.  Cruise on over to:

	http://modperl.com:9000/book/chapters/ch6.html

It uses Apache::TicketAccess as the AccessHandler to do the hard work, 
but you can alter this to taste if you like.

The lovely thing about this is that because it hooks in at the Access 
stage, you can still use any technology you like for generating content.

Cheerio,

	Paul

-- 
Paul Fenwick <pjf at perltraining.com.au> | http://perltraining.com.au/
Director of Training                   | Ph:  +61 3 9354 6001
Perl Training Australia                | Fax: +61 3 9354 2681
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://mail.pm.org/pipermail/melbourne-pm/attachments/20040817/52ca81e4/signature.bin


More information about the Melbourne-pm mailing list