Think about Loose Coupling | |
PerlMonks |
Re^2: HTTPD-Password Self-Management and Recoveryby mhi (Friar) |
on Dec 03, 2011 at 20:20 UTC ( [id://941569]=note: print w/replies, xml ) | Need Help?? |
The thing is, I had in the past done a roll-your-own authentication with a form and session-information in the URL as part of the existing application. The application needs some serious refactoring as it's become pretty huge and is no longer maintainable. I've selected a bunch of modules already, that will replace much of the stuff I had home-grown, but what's missing so far is the authentication part. I would love to do that with SSL client certs, but there's only about two out of a total of around 100 users, that I will be able to motivate to get themselves a cert from a CA I can trust. And one out of the two is me. And I'm not about to set up my own CA with all the trimmings to dish out certs to the rest of my users. Therefore I've started the new test site dual-login with a choice of client cert or BasicAuth. I could add form-based login and sessions on a parallel virtual host and have the application check, which host it's being accessed through, but I'd probably rather not reinvent the wheel, like I did ten years ago. :-) If you want to call that being confused, so be it. I was just thinking I might be able to let the webserver handle the authentication, so the main application only needs to worry about the authorization/roles. Add to that a user self-service password-management site on the side. If that's not to be had though, I might just stick with administrating the static .htpasswd by hand, even if I don't look forward to that prospect. I have taken a look at CGI::Application::Plugin::Authentication in the mean time and while it would be the right module to replace my previous authentication and session handling, it looks as if it is engineered only for checking the credentials, not updating them. Read-only means it's still a lot of coding to get to the management functionality I'm after.
In Section
Seekers of Perl Wisdom
|
|