in reply to CGI Authenticaiton

Have you considered using HTTP auth? If you can't use cookies, it's quite a nice way of doing authentication. You can probably just tell Apache to do it and keep all the authentication stuff out of your Perl scripts. (Hardest part is teaching Apache your database structure so that it can check the passwords.)

HTTP auth can be implemented in Perl too, but CPAN seems to have a dearth of modules to do it for you. (There are some for Catalyst and Plack, but not classic CGI.)

Replies are listed 'Best First'.
Re^2: CGI Authenticaiton
by Anonymous Monk on Feb 09, 2012 at 23:23 UTC

    HTTP auth can be implemented in Perl too, but CPAN seems to have a dearth of modules to do it for you. (There are some for Catalyst and Plack, but not classic CGI.)

    Right, because classic CGI ( as in mod_cgi, http://tools.ietf.org/html/rfc3875 ) , doesn't provide for external programs to perform authentication (it will strip any Www-authenticate headers) -- its a limitation of CGI

    You can work around it in apache by
    compile Apache with -DSECURITY_HOLE_PASS_AUTHORIZATION option,
    use mod_rewrite to pass the Authorization header to the application with the rewrite rule like following (see Plack::Middleware::Auth::Basic)
    use mod_perl
    use fastcgi configured with "-pass-header HTTP_AUTHORIZATION "
[reply]

In Section Seekers of Perl Wisdom