[Melbourne-pm] Perl web application framework recommendations

Daniel Pittman daniel at rimspace.net
Tue Aug 17 08:23:35 CDT 2004


On 17 Aug 2004, David Dick wrote:
>> Unfortunately, this only gives access to the very broken HTTP
>> authentication layer which, while useful for small scale work, tends to
>> be problematic for real-world applications in my experience.

[...]

> I actually tend to like HTTP auth because it makes automating a site
> with wget/et al trivial as distinct from fooling around with session
> cookies and POST requests, which, while possible, is not fun.

I agree completely -- it is a great shame that basic auth falls short of
real-world requirements for login/user session management, since the
alternatives are awful, horrible and impossible to support
generically.[1]

>> Specifically, the lack of any way to 'log out' of the system and the
>> difficulty in implementing any sort of single sign on[1] across servers
>> are usually the killers out in the wild.
>
> The ability to log out has become a little weird IMHO, given that the
> major browsers offer to "remember" password fields anyway, so the
> ability to log back in again is usually a click away.

Most of the time when this has been an issue it has been one big thing
that was the problem: the law.

A number of places I have worked at have had various regulatory issues
that mean you *must* offer a logout option, and that it *must* terminate
the relevant access, etc, controls.  Sure, not quite a match for the
technology that remembers passwords, but that is the law for you.

Even without that it is often desirable to know that the user has
finished with something -- I am occasionally irritated when I need to
administer my RT install, because it is hard to log out and back in as
another user, but not impossible.

> Single sign on is a necessary thing sometimes though, and as mentioned by
> Paul the mod_perl.com example is a good one.  It just depends on whether
> your application needs to jump across multiple domains.

Yes. I am very pleased to have learned about that, and will probably go
and study up on the apache2 hook structures in greater detail. Clearly
they are more capable than I had believed.

Regards,
        Daniel

Footnotes: 
[1]  I know. Trying to get an automated process to work with LiveJournal
     was a world of irritation that I could well have lived without.

-- 
A silly remark can be made in Latin as well as in Spanish.
        -- Cervantes, _The Dialogue of the Dogs_, 1613

