[Melbourne-pm] Web auth meth

Toby Corkindale toby.corkindale at rea-group.com
Mon Sep 15 00:55:16 PDT 2008

Scott Penrose wrote:
> Good morning Tim,
> On 11/09/2008, at 8:56 AM, Tim Hogard wrote:
>> Hi perl mongers,
>> I'm about to start a new project that is somewhat largish in scope and 
>> part of the workflow design we have involves using forms to login.  
>> That in its self is about as earth shattering as the LHC but the 
>> discussion turned into what framework we intend to use and how we are 
>> going do the user authentication.
> Are you using Apache?
> If YES - then there is only one answer. Use Apache authentication 
> modules. Under no circumstance use authentication modules built into 
> frameworks.
> Why?
> * Now you can use any framework.
> * You can mix frameworks, even using basic CGI in some places
> * You can authenticate static pages
> * It is faster
> * More reliable
> * FAR more secure

I don't think anyone has mentioned a downside so far..

Apache authentication handlers are harder to test.

It's still do-able, but you need to the apache test module to actually 
boot up a live apache daemon, make requests, etc..
Whereas if you're using a system that uses CGI 
parameters+cookies/session IDs, etc then you can test it with 
WWW::Mechanize or similar.


Toby Corkindale
Software developer
w: www.rea-group.com
REA Group refers to realestate.com.au Ltd (ASX:REA)

Warning - This e-mail transmission may contain confidential information.
If you have received this transmission in error, please notify us
immediately on (61 3) 9897 1121 or by reply email to the sender. You
must destroy the e-mail immediately and not use, copy, distribute or
disclose the contents.

More information about the Melbourne-pm mailing list