It seems that WWW::Authenticate will handle creating sessions to maintain state for an authenticated user; that DBIx::UserDB will handle the management of user, group and privilege tables as well as consultation with an Access Control List to authorize access to applications and resources. I've been hacking on the former to integrate with the latter.
Passwords are uuencoded for storage (for minimal privacy not for security), so take this into account when setting the password field's length. If you want to store password in plaintext, use the scramble_password method.
It seems now that the one missing piece for my access control / security regime is a method for encrypting passwords used in my authentication scheme. I'll use an SSL connection to prevent sniffing and man-in-the-middle threats. Now my concern is with folks who might have shell access to the database server for applications deployed to shared hosting environments. If I could only figure out how to use these tools together with a password encryption scheme, and a method for comparing encrypted passwords at authentication, I'd be in business.
Can anyone advise me on this? All help is appreciated.
-- Hugh
In reply to Integrating Password encryption into DBIx::UserDB by hesco