Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Calling script after htaccess authentification

by Xxaxx (Monk)
on Jul 30, 2002 at 18:35 UTC ( [id://186294]=perlquestion: print w/replies, xml ) Need Help??

Xxaxx has asked for the wisdom of the Perl Monks concerning the following question:

I've heard rumors that it is possible to call a Perl script after a htaccess authentification.

I've searched the perlmonks archives and have seen references which use mod_perl to handle situations such as this. However, mod_perl is not available to me at the moment.

Is there another option which will allow me to do some post processing?

Or failing this, is there a way that I can wrap the authentification process with a Perl script so that is it invisible to the user?

I'm really trying to avoid a double login process. This is totally annoying to some users. But I do need them to be logged in for the purposes of htaccess control as well as control in my scripts.

Thanks in advance,
Claude

Replies are listed 'Best First'.
Re: Calling script after htaccess authentification
by dws (Chancellor) on Jul 30, 2002 at 18:54 UTC
    I've searched the perlmonks archives and have seen references which use mod_perl to handle situations such as this. However, mod_perl is not available to me at the moment.

    You may be out of luck. mod_perl is integrated with Apache, and can do things that CGI scripts cannot.

    I'm really trying to avoid a double login process.

    The common way to do this is to forgo web server authentication (i.e., .htaccess control) entirely, relying instead on application-level login. Can you say more about why you need both?

      The site has a combination of public content, static group content and dynamic private content.

      The public content is easy, standard stuff.

      The static group content will be items such as information, forms, and downloads which is available to any and all approved users.

      The dynamic private content is specific to user. These would be reports composed of information specific to the exact user.

      The dynamic private content will be served through Perl scripts. This will most likely be controlled by cookiers following a successful login.

      I would rather control access to the static group content via htaccess authenticate so that update of the pages does not intermingle with the Perl scripts. This allows a slightly less trained person to do the updates. HTML and FTP knowledge rather than Perl background. i.e. cheaper labor for da boss.

      Obviously the easy solution is to have the users login twice. Once when they need access to the group material, and then again when they need access to any private material.

      Da boss is annoyed by the double login and I'm trying to find a way around this. Hence the grasping at straws....

      Thanks, Claude

        The site has a combination of public content, static group content and dynamic private content.

        I have a site like this. The scripts that generate dynamic content require an appropriate login cookie, and the data that they use is kept in a folder that is not visible to the web server. No apache authentication is required. Works fine, though it does mean that I have to do downloads via a CGI script, instead of letting the web server handle the details.

        I would rather control access to the static group content via htaccess authenticate so that update of the pages does not intermingle with the Perl scripts.

        So keep the perl scripts in a separate directory?

        I'm still not seeing why you need .htaccess control.

Re: Calling script after htaccess authentification
by cLive ;-) (Prior) on Jul 30, 2002 at 22:54 UTC

    "I'm really trying to avoid a double login process. "

    Sorry, am I missing the point here or is $ENV{'REMOTE_USER'} what you are looking for?

    cLive ;-)

    --
    seek(JOB,$$LA,0);

      Since I've seen warnings within the pages of Perlmonk that $ENV{'REMOTE_USER'} can be spoofed I'd rather not use that. And I don't believe it could answer the whole problem in any case.

      I'm simply trying to find a means to avoid a double login process on a system which requires some directories be password protected using the standard htaccess authentification and some content be password protected through Perl scripts which then assemble dynamic reports to be sent to the browser.

      If not for the fact that I've heard rumors from two different sources that this is possible without mod_perl I'd give up the quest and just force the users to live with the logging in twice problem.

      If anyone knows for a fact that this is not possible I don't mind taking the bad news to my boss. I just don't want to be sitting there with egg on the face when somewhere out of the woodwork comes the news that it's easy if you just do .....

      In any case, I hope that somewhere within these words I've clarified the point.

      Claude

        $ENV{'REMOTE_USER'} cannot be spoofed. It is environment variable which is set by Apache on the basis of authorization results. If your Apache configuration is secure you can trust it.

        --
        Ilya Martynov (http://martynov.org/)

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://186294]
Approved by Desdinova
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others taking refuge in the Monastery: (5)
As of 2024-03-29 11:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found