Using CGI to authenticate users is no less secure than using basic HTTP authentication, credentials are passed as plain text in both cases.
I don't claim to be an expert in anything. Thus I don't believe I would be able to do a CGI authentication routine better than the Apache programmers.
Summing up, my reply meant: are you sure you are able to do with a CGI a better job than apache does?
Many people could. I wouldn't. And I don't recommend to others what I wouldn't do myself.
About SSL and mod_perl, I preferred not to cite them. I preferred to focus on the intrinsic weaknesses of a self-made CGI authentication against an (already weak) basic authentication.
I subscribe your opinion on SSL and mod_perl, with a preference for SSL for the same reasons as before: personally I don't think I would be able to do with a self-made mod_perl handler a job better than SSL.
Ciao!
--bronto
# Another Perl edition of a song:
# The End, by The Beatles
END {
$you->take($love) eq $you->made($love) ;
}
In reply to Re: Re: HTACCES & Cookies
by bronto
in thread htaccess and cookies
by kidd
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |