I have a requirement to restrict access to parts of a web site. Life is not easy, so I can't just use Apache's built-in access control systems, a flat-file password list and be done with it. I'm sure this is a scale of problem that other people have faced, so I beg for insights from more learned monks...
First task is to extract from SAP a list of customer IDs and passwords. I can get SAP to split them out as a text file, or suck them out with Perl. Either way this happens inside our intranet, and not on the box doing the actual serving.
Second task, now I have the base list of customers, I need to allow them to add usernames and passwords. I have MySQL on a hosted BSD box running Apache, Perl (? mod_Perl) and mod_PHP. We need to allow each site (one customer ID) to give its staff as few or as many username and password pairs as they want. We don't want the customers to use their customer ID and password to view the site, as that gets messy.
Finally I need to purge or suspend any username/password pairs that no longer have a matching valid customer ID in SAP. Our customers are large organisations, and we don't have much turnover, so we can do this in batch mode once or twice per week.
I see the following bits:
- Apache, MySQL authentication integration. Not a Perl issue, but I need to manage it on the remote box, and allow users to manage their own passwords and usernames via a web interface, and I think this is a candidate for Perl.
- Generate the MySQL database to start with and keep it in sync with the SAP master. This is an ideal candidate for Perl.
- Various scripts will run on the server, and tie into the authentication system, but that happens after Apache has done its bit, so I think that's easy to deal with.
Now I've done Apache and Perl/CGI-BIN for a few years now, but never on a scale where a DBMS was used. Our in-house SAP team is good with SQL, but not Perl. Where do I start?
- The DBI Book as reviewed here Programming the Perl DBI.
- I think merlyn has an example of a username password script here. It may need some modification, is it a good place to start?
- What traps should I look for and try to avoid? I can change my project if I need to now, I have a clean piece of paper, other than the SAP system, which I have to live with.
What I see as the simplest approach is to password protect the "password changer" with the customer ID/password, that way only the customer's admin can use it.
Password restrict the rest of the site, using the passwords/usernames controlled by the site passwords/usernames. The customer ID will not work here to prevent them from using the same username and password for everything.
Keep the DB on the remote host in sync with the SAP master on the intranet.
As ever, humble thanks in advance.
Edit Masem & others 2001-10-03, fixed html that was breaking on SoPW page (near the ref to merlyn's column)
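The batch purge step described in the post, as an added example that is not part of the original post: it suspends every site user whose customer ID is missing from the SAP export. The table `site_users`, its columns, the one-ID-per-line export format and the in-memory SQLite database standing in for the hosted MySQL are all assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample: customer IDs currently valid in the SAP export.
my @sap_export = ("1001\n", "1003\n");

# In-memory SQLite stands in for the hosted MySQL database (assumption).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE site_users (username TEXT PRIMARY KEY,
          customer_id TEXT NOT NULL, suspended INTEGER NOT NULL DEFAULT 0)');
my $ins = $dbh->prepare(
    'INSERT INTO site_users (username, customer_id) VALUES (?, ?)');
$ins->execute(@$_) for ['alice', '1001'], ['bob', '1002'], ['carol', '1003'];

sub sync_with_sap {
    my ($dbh, $lines) = @_;
    my %valid;
    for my $line (@$lines) {
        (my $id = $line) =~ s/\s+\z//;    # tolerate LF and CRLF exports
        next unless length $id;
        die "malformed customer ID in export: '$id'\n" unless $id =~ /\A\d+\z/;
        $valid{$id} = 1;
    }
    # An empty export is more likely a failed transfer than every customer leaving.
    die "SAP export is empty, refusing to suspend everyone\n" unless %valid;

    my @suspended;
    $dbh->begin_work;    # all-or-nothing: a crash mid-run changes nothing
    eval {
        my $users = $dbh->selectall_arrayref(
            'SELECT username, customer_id FROM site_users WHERE suspended = 0');
        my $upd = $dbh->prepare(
            'UPDATE site_users SET suspended = 1 WHERE username = ?');
        for my $row (@$users) {
            my ($user, $cust) = @$row;
            next if $valid{$cust};        # customer still exists in SAP
            $upd->execute($user);
            push @suspended, $user;
        }
        $dbh->commit;
        1;
    } or do { my $err = $@; $dbh->rollback; die $err; };
    return @suspended;
}

print "suspended: $_\n" for sync_with_sap($dbh, \@sap_export);
```

Suspending rather than deleting keeps the accounts recoverable if an export turns out to be wrong; whatever query the Apache authentication layer uses would then need to exclude rows where `suspended` is set.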