Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi,
I am developing a web application. I want to implement access control for this application. There are so many business functions defined as Perl subroutines. I am using MySQL as the database.
Each function is done through links/buttons.

I have two solutions in my mind:
1. Don't display the link if the user doesn't have access to it (check the ACL before the request).
2. Check the ACL while processing the request.

I am maintaining sessions with a timeout period of 2 days. Please suggest me the best solution. Any reference or best solutions/guidelines is helpful for me. Thanks

Re: Implementation of Access Control
by moritz (Cardinal) on Nov 02, 2007 at 10:55 UTC
    The usual approach is to set a cookie as soon as the user is logged in, and store the login/session information with CGI::Session.

    And you should only display links that the user is allowed to use, and check before each action if the user has sufficient permissions.

Re: Implementation of Access Control
by MonkE (Hermit) on Nov 02, 2007 at 11:26 UTC
    Definitely do not rely on the absence of a link to protect access to your data. Someone will eventually figure out the URL for the (missing) link anyway. Always check access before each operation.
Re: Implementation of Access Control
by roboticus (Chancellor) on Nov 02, 2007 at 16:02 UTC
    Do both. Don't give the users with less access the impression that they can do a task when you're going to prevent them from doing it. And check ACL before performing operation just in case some wiseacre fakes a link to do it anyway.

    ...roboticus

Re: Implementation of Access Control
by arcnon (Monk) on Nov 02, 2007 at 14:52 UTC
    When you log in successfully, create a profile for that user. In that profile I give an access level, usually the columns from a user table in my database. Next create a hash with a "link_name" => "access_level" relationship.
    When building your menu...
    if ($profile{permissions} == $menu{link_access}) { print .... HTML for the link }
    On a side note, I use this method BUT it can turn into quite a mess depending on the complexity of the access conditional, so plan carefully.
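The pattern the replies above converge on (hide links the user cannot use, and re-check the ACL when the request is processed) as an added Perl example; this is not code from the thread. The action names, access levels, the `%ACL` map, the `%session` hash and the `is_allowed`/`handle_request` subs are all constructed for illustration and stand in for what CGI::Session and a MySQL user table would supply.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample ACL: action name => minimum access level required.
# Names and levels are hypothetical, not taken from the thread.
my %ACL = (
    view_report   => 1,
    edit_record   => 2,
    delete_record => 3,
);

# Constructed sample session, standing in for data loaded via CGI::Session.
my %session = ( user => 'alice', access_level => 2 );

# One authorization check, reused in BOTH places below so they cannot drift apart.
sub is_allowed {
    my ($level, $action) = @_;
    return 0 unless exists $ACL{$action};    # unknown action: deny by default
    return $level >= $ACL{$action} ? 1 : 0;
}

# 1. Menu rendering: only emit links the user is permitted to follow.
sub render_menu {
    my ($level) = @_;
    return join "\n",
        map  { qq{<a href="/app?action=$_">$_</a>} }
        grep { is_allowed($level, $_) }
        sort keys %ACL;
}

# Handlers for each business function (stubs standing in for real subroutines).
my %HANDLERS = (
    view_report   => sub { "report viewed by $_[0]" },
    edit_record   => sub { "record edited by $_[0]" },
    delete_record => sub { "record deleted by $_[0]" },
);

# 2. Request handling: re-check the ACL no matter how the request arrived.
sub handle_request {
    my ($sess, $action) = @_;
    return '403 Forbidden' unless is_allowed($sess->{access_level}, $action);
    return $HANDLERS{$action}->($sess->{user});
}

print render_menu($session{access_level}), "\n";         # two links, no delete_record
print handle_request(\%session, 'edit_record'),   "\n";  # allowed at level 2
print handle_request(\%session, 'delete_record'), "\n";  # hand-typed URL: 403 Forbidden
```

Because `is_allowed` is the single source of truth, a menu that hides a link and a handler that refuses the same action always agree, which is the point MonkE and roboticus make.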