[Melbourne-pm] Perl web application framework recommendations
pjf at perltraining.com.au
Mon Aug 16 22:24:23 CDT 2004
Howdy from sunny BrisVegas,
Daniel Pittman wrote:
>>As for authentication, keep in mind that apache lets you set a
>>PerlAuthHandler and a PerlAccessHandler (and a few more), that you can
>>use independently to whatever you have generating your content.
> Unfortunately, this only gives access to the very broken HTTP
> authentication layer which, while useful for small scale work, tends to
> be problematic for real-world applications in my experience.
> Specifically, the lack of any way to 'log out' of the system and the
> difficulty in implementing any sort of single sign on across servers
> are usually the killers out in the wild.
You want to have cookie-based authentication tokens? No problemo! The
PerlAccessHandler gives you this opportunity. You've got the request
(and any cookies associated with it), and if you find them acceptable
you can accept the request. If they're not, generate a redirect to the
login page, and you're done. Obviously you always want to allow people
to hit the login page.
Even better, this is an example in the mod_perl book, and the sample
chapter is freely available on-line. Cruise on over to:
It uses Apache::TicketAccess as the AccessHandler to do the hard work,
but you can alter this to taste if you like.
The lovely thing about this is that because it hooks in at the Access
stage, you can still use any technology you like for generating content.
Paul Fenwick <pjf at perltraining.com.au> | http://perltraining.com.au/
Director of Training | Ph: +61 3 9354 6001
Perl Training Australia | Fax: +61 3 9354 2681
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://mail.pm.org/pipermail/melbourne-pm/attachments/20040817/52ca81e4/signature.bin
More information about the Melbourne-pm