I'm finally meeting with some limited success in my tests with CGI::Application. I'm using the Plugin::Authentication module to control access, reading a user-group-acl database created and maintained by code which wraps DBIx::UserDB.

It all works just fine when I'm using plain text passwords. But when I try to encrypt the passwords with md5, the whole thing breaks down pretty quick.

Relevant code from my CGI::App module: 

use CGI::Application::Plugin::Authentication;
use CGI::Application::Plugin::Authentication::Driver::Filter::md5;

DistroPrsRls->authen->config(
  DRIVER => [ 'DBI',
    DBH         => $authdb,
    TABLE       => 'userdb',
    CONSTRAINTS => {
      'userdb.username' => '__CREDENTIAL_1__',
      'MD5:userdb.password' => '__CREDENTIAL_2__'
      # 'userdb.password' => '__CREDENTIAL_2__'
    },
  ],
  STORE => 'Session',
  POST_LOGIN_RUNMODE => 'login_welcome',
  POST_LOGIN_CALLBACK => \&update_login_date,
  CREDENTIALS => [ 'authen_username', 'authen_domain', 'authen_passwor
+d' ],
  LOGIN_SESSION_TIMEOUT => {
    IDLE_FOR => '5m',
    EVERY    => '1h'
  },
);

[download]
and my latest experiment with the code which creates the user who's password is tested: 

use DBIx::UserDB;
use DBIx::SearchProfiles;
use Digest::MD5 qw(md5_hex);

sub CreateUser {
  my($userdb,$username,$password)=@_;
  print STDERR "Running Create User Subroutine.\n";
  # store md5 hash of password
  my $digest = md5_hex($password);
  # my $string = MD5->hexhash($password);

  my $user = { username => $username, password => $digest };
  $user = $userdb->user_create( $user );
  return;
}

[download]
I seem to have more options for how to encrypt it at the time of creation. I have found fewer models for how to encrypt the login password which gets checked against the database.

But as these two tools are not quite written to interface with one another, I'd appreciate some guiance on how to make them play nice.

Any ideas?

-- Hugh

In reply to comparing md5 hashed passwords by hesco

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.