Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

What I'm trying to do is:

Ask for a username/password from a CGI/HTML page (generated by a Perl script using CGI.pm),
use that username/password to connect to a MySQL database,
allow the connection with the database until the user hits the "Logout" button.

My CGI Perl script can already communicate with the MySQL database (using DBI and DBD::mysql). The script is for users to access the database, update/delete records.

However the username/password are stored in the script, in plaintext.

Is there any way to accomplish it? If Apache::DBI is the way to go, how should I change my existing script (assuming I get Apache::DBI installed)? Any good reference I should read?

I'm using Perl 5.005, DBI 1.15, and Apache as the web server. Any help is appreciated. Thank you.

Replies are listed 'Best First'.
Re: Can Apache::DBI do this???
by DrZaius (Monk) on May 08, 2001 at 00:34 UTC
    Apache::DBI is for caching dbh's, not authentication. It requires modperl.

    If you want to do cookie authentication, look at Apache::ApacheCookie -- it offers a framework for setting up custom cookie authentication.

Re: Can Apache::DBI do this???
by arturo (Vicar) on May 08, 2001 at 00:44 UTC

    Yes, there is a way to allow users to access a DBMS with custom permissions, but you'll have to be very careful about security. The steps might go like this:

    • User arrives at site, clicks "log me in to database"
    • User is sent to (preferably) an HTTPS URL where they are presented with username and password; they then enter in their DB user name and password
    • session for the user is created (perhaps in DB, in a table readable by CGI script); session ID can be stored on the client side in, say, a cookie.
    • on each subsequent request, the user's cookie is read, the session info looked up, and used to get a connection to the database
    • after the user has explicitly clicked 'log out' or hasn't made a request for a timeout period (say, 5 minutes or whatever makes sense), the session is deleted from the DB.

    Now, that won't get you the caching goodness of Apache::DBI, and you'll have to create a new db handle on each subsequent request. Myself, I'm just too lazy to read up on whether Apache::DBI is able to cache many different kinds of handles (different users/passwords); but I wouldn't be surprised if it did.

    Update: maybe it will; gratuitous document quoting =>

    [when configured appropriately, Apache] looks if the environment variable GATEWAY_INTERFACE starts with 'CGI-Perl' and if the module Apache::DBI has been loaded. In this case every connect request will be forwarded to the Apache::DBI module. This looks if a database handle from a previous connect request is already stored and if this handle is still valid using the ping method. If these two conditions are fulfilled it just returns the database handle. The parameters defining the connection have to be exactly the same, including the connect attributes! If there is no appropriate database handle or if the ping method fails, a new connection is established and the handle is stored for later re-use.

    so, apparently, yes. HTH

      Wow, that was fast.... replies in 10 minutes! Thanks for the answers. They should give me some idea to start.
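
The session steps in arturo's reply above, sketched as an added example that is not part of the original thread. It assumes a Unix host with /dev/urandom, and uses an in-memory hash as a stand-in for the server-side session table; the function names, the sample user and the timestamps are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $IDLE_TIMEOUT = 5 * 60;   # seconds; the "5 minutes" from the steps above
my %sessions;                # stand-in for the server-side session table

# 128-bit session id from the kernel CSPRNG; rand() output is guessable.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

# Login: DB credentials stay server-side, only the random id goes in the cookie.
sub login {
    my ($user, $pass, $now) = @_;
    my $sid = new_session_id();
    $sessions{$sid} = { user => $user, pass => $pass, last_seen => $now };
    return $sid;
}

# Each request: map the cookie value to credentials, or return nothing if
# the id is malformed, unknown, or has been idle past the timeout.
sub credentials_for {
    my ($sid, $now) = @_;
    return unless defined $sid && $sid =~ /\A[0-9a-f]{32}\z/;
    my $s = $sessions{$sid} or return;
    if ($now - $s->{last_seen} > $IDLE_TIMEOUT) {
        delete $sessions{$sid};          # expired: drop the stored password
        return;
    }
    $s->{last_seen} = $now;              # sliding idle timeout
    return ($s->{user}, $s->{pass});     # caller hands these to DBI->connect
}

sub logout { delete $sessions{ $_[0] } }
sub who    { defined $_[0] ? "user $_[0]" : 'login required' }

# Constructed walk-through with fixed timestamps instead of time().
my $sid = login('alice', 'constructed-password', 1000);
print "cookie: session=$sid; Secure; HttpOnly\n";
print "t+60s:  ", who(credentials_for($sid, 1060)), "\n";
print "t+11m:  ", who(credentials_for($sid, 1060 + 600)), "\n";
$sid = login('alice', 'constructed-password', 2000);
logout($sid);
print "logout: ", who(credentials_for($sid, 2001)), "\n";
print "forged: ", who(credentials_for('not-a-session-id', 2001)), "\n";
```

Because the session store now holds database passwords, it needs the same access restrictions as the credentials themselves.
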
Re: Can Apache::DBI do this???
by tune (Curate) on May 08, 2001 at 00:43 UTC
    You can use mod_auth_mysql for this purpose so you don't have to code. I found this link about that, but I am sure there is better documentation too.

    --
    tune

Re: Can Apache::DBI do this???
by princepawn (Parson) on May 08, 2001 at 00:54 UTC
      Thanks for the comment. I've asked the editor to change the title.