shiza has asked for the wisdom of the Perl Monks concerning the following question:

I am adding an external db interface via an Apache Module to an application I have. This module will allow local database manipulation from remote admins. Does anyone have any suggestions on what I should use to authenticate?
  • Comment on Writing a secure Apache Module mysql DB interface

Replies are listed 'Best First'.
Re: Writing a secure Apache Module mysql DB interface
by perrin (Chancellor) on Oct 15, 2004 at 16:37 UTC
    Are you asking which module you should use? There are several solid ones for mod_perl, based on ticket access models. One question is whether or not you need to track session data, or just need to grant access.
[reply]
      My focus right now is to just grant access.
[reply]
Re: Writing a secure Apache Module mysql DB interface
by Your Mother (Archbishop) on Oct 16, 2004 at 02:44 UTC

    A way to add some security is with an IP filtering PerlAccessHandler. A simple demo follows. I don't think this is truly secure though unless you're on a VPN or something where you can trust the calling IP's validity. Someone will correct me if that's not right.

    package Apache::IPfilter;
use Apache::Constants qw(:common);

sub handler {
    my $r = shift;

    return DECLINED unless $r->is_initial_req();

    my $calling_ip = $r->get_remote_host();

    for my $ip ( $r->dir_config->get('allowed_ip') ) {
        return OK if $ip eq $calling_ip;
    }

    warn(
         'Denied access to, ',
         $r->uri(),
         ', by caller ',
         $calling_ip,
         " not in access list.\n"
         );
    return FORBIDDEN;
}
1;

    [download]

    Then in your httpd.conf something like this containing the IPs your trusted admins use to visit your server:

      PerlAccessHandler Apache::IPfilter

  PerlSetVar allowed_ip 127.0.0.1
  PerlAddVar allowed_ip 205.196.208.198

    [download]
[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom