comment on

In CGI::Prototype - let me clarify the response phase for you metaperl identifies authentication and authorization as two general phases of a request; similarly, the very useful book, Writing Apache Modules with Perl and C, focuses a chapter on Apache's API with regards to those two phases of a request. In general I'm rather familiar with the authentication phase of a request, which is standardized for my site (a session object has most of the pertinent information,) and comfortable with Apache::AuthenHandler(s).

However, I'm interested in how (Mod_)Perl Monks approach authorizing users for sites like forums, for which each forum may require different access privileges. Is it bad practice to handle this in the Mod_Perl script (PerlHandler) itself? Is there a standard way to approach this problem using Apache::AuthzHandler(s)? For instance, assuming my forum is located at /forum which approach would you take:

Check if the user is authorized in the mod_perl script (PerlHandler) itself? Ie. In the routine that generates the appropriate forum, retrieve the needed access from a table listing minimum access privileges?
Handle this in a single AuthzHandler. Check which forum the user is trying to access; retrieve needed privileges from a table, and then deny or allow access. I assume (I haven’t tried this) I could do this even if the path actually leads to a perl handler:
```
<Location /forum>
 AuthName Restricted
 AuthType Basic
 PerlAuthenHandler My::CookieAuthenAnyHandler
 PerlAuthzHandler  My::AuthzHandler
</Location>
[download]
```
The final option, which I would err towards if the site wasn’t dynamic would be to require different authentication levels within Apache’s config file for different paths. To allow the creation and changing of access privileges in a forum, however, I would have to restart Apache rather often.

So I guess my question is which approach do you think I should take? Is there a way to implement the third approach without continuously restarting Apache? While the first approach means that I won’t have to parse the appropriate forum name twice, the second approach seems to be in accordance with separation of concerns (and I could always just set the forum using $r->subprocess_env or $r->notes or pnotes. Is the second approach more in tune with Mod_Perl’s designs as a language? What’s your advice?

Gyan

In reply to Mod_Perl Handlers and URL Based Authorization: What's The Best Aproach For A Rank Based Forum? by Revelation

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.