Best practice for letting my CGI scripts access another password protected CGI script?

OfficeLinebacker has asked for the wisdom of the Perl Monks concerning the following question:

Greetings, esteemed monks!

I have a very basic security set up for a web-based system I wrote that uses a .htaccess file and is (obviously) hosted on Linux. It has just one line Require statement: Require valid-user. My .htpasswd file has one entry, which contains the credentials needed to access the system. So far, so good. However, one of the CGI scripts actually sends a POST message to one of the other CGI scripts. When I initailly set up the system, I had no security, and naively thought I could just add .htaccess/.htpassword security and be done with it. Well, this request from one CGI script to the other no longer works, and the error I get is '401 Unauthorized.'

So I know I could just append the un/pw data to the post, but I am wondering if there is a "better way" to do this. Add another user to the .htpasswd file? My understanding of this is rudimentary at best.

Thanks.

Edit: Adding credentials to the LWP::UserAgent did not do the trick. I used $ua->credentials( $netloc, $realm, $uname, $pass ) with domain.com:80, "Some Realm," and the user name and password, and I am still getting 401. Help!

Comment on Best practice for letting my CGI scripts access another password protected CGI script?

Replies are listed 'Best First'.
Re: Best practice for letting my CGI scripts access another password protected CGI script? by Anonymous Monk on Oct 29, 2013 at 01:00 UTC
... . Help! Try these checklists :) CGI Help Guide , Troubleshooting Perl CGI scripts Maybe your LWP running as user apache doesn't have permission to make internet connections, or maybe something else entirely, check the logs	[reply]
Re^2: Best practice for letting my CGI scripts access another password protected CGI script? by OfficeLinebacker (Chaplain) on Oct 29, 2013 at 23:56 UTC
I think this is more of an LWP/credentials problem than a CGI problem. The system has about ten CGI scripts, but the only one that's giving problems is one that instantiates an LWP::UserAgent object and tries to call one of the other CGI scripts. >check the logs Well the logs are telling me that the request has no credentials associated with it, so time to look into that.	[reply]
Re^3: Best practice for letting my CGI scripts access another password protected CGI script? by Anonymous Monk on Oct 30, 2013 at 00:55 UTC
Well the logs are telling me that the request has no credentials associated with it, so time to look into that. Looks that way :) `use LWP; my $headers = HTTP::Headers->new(); $headers->authorization_basic('user', 'pass'); my $request = new HTTP::Request(GET => $url, $headers); $request->dump; __END__ GET - Authorization: Basic dXNlcjpwYXNz (no content)` [download]	[reply] [d/l]
Re: Best practice for letting my CGI scripts access another password protected CGI script? by OfficeLinebacker (Chaplain) on Oct 30, 2013 at 00:27 UTC
I found the answer here: 386070. The key was to use `my $headers = HTTP::Headers->new(); $headers->authorization_basic('user', 'pass'); my $request = new HTTP::Request(GET => $url, $headers);` [download] instead of `$ua->credentials('www.domain.com:80', '', 'user', 'pass');` [download]	[reply] [d/l] [select]
Re^2: Best practice for letting my CGI scripts access another password protected CGI script? by Anonymous Monk on Oct 30, 2013 at 01:02 UTC
Well, now I see this post :) www.domain.com and domain.com and domain.com:365 are all different ... so figure out which one you need ... easier than ...Headers->new LWP uses host_port for basic-auth `$ perl -MLWP -le " print URI->new( $_ )->host_port for qw{ http://www +.example.com http://example.com:365 }; " www.example.com:80 example.com:365` [download]	[reply] [d/l]