Re: SOAP::Lite and mod

Well, in mod_perl 1.x you can always just call Apache->request() to get the current request object. Using the remote IP is usually a bad idea though. You can't expect it to be unique (proxies) and you can't expect the same client to always come in with the same IP (proxies again).

Comment on Re: SOAP::Lite and mod_perl Download Code

Replies are listed 'Best First'.
Re: Re: SOAP::Lite and mod_perl by chiggins (Novice) on Apr 29, 2003 at 04:16 UTC
BINGO. Worked like a charm testing locally, will test again tomorrow in the dev environment. In this particular case, the client is going to provide us with a list of possible ip's they'll be connecting to the service with, and we'll be able to associate at least a list of ip's with the user account. agreed, it's not a perfect solution, but it's the one i've been charged with implementing. i'd be delighted, however, to hear an alternative approach i can sell to the powers that be? Thanks again muchly for the tip, feels good to be unstuck. c	[reply]
Re: Re: Re: SOAP::Lite and mod_perl by samtregar (Abbot) on Apr 29, 2003 at 07:56 UTC
You might mention to the powers that be that relying on IPs for authentication is a really bad idea. Spoofing IPs is something crackers do all day long. Is there some reason the usual cookie-based username/password login won't work for you? I implemented a SOAP system for Bricolage which supports a login call and uses standard HTTP cookies for authentication. Put it over SSL and I bet it would be pretty hard to break. -sam	[reply]