I have taken a look at CGI::Application::Plugin::Authentication in the mean time and while it would be the right module to replace my previous authentication and session handling, it looks as if it is engineered only for checking the credentials, not updating them. Read-only means it's still a lot of coding to get to the management functionality I'm after.
I think that is "as expected". The .htaccess file is a static file in your webserver which must be at all times available and readable by the web-server to administer the authentication process. Many (sub-)processes/threads/workers can read the same file without any problem. But once you will write to that file, perhaps even by different (sub-)processes/threads/workers at more or less the same time, you open yourself to ugly race-conditions or unavailability of the server during the write-process.
If you are thinking of changing your set-up anyhow, why not explore a database-centered user administration?
Update: That being said, there is Apache::Htpasswd which provides write access to the .htaccess file. I have no idea how secure or safe it is and whether it implements any protection against race conditions.
CountZero
A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James
In reply to Re^3: HTTPD-Password Self-Management and Recovery
by CountZero
in thread HTTPD-Password Self-Management and Recovery
by mhi
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |