non-mod_perl authentication

gri6507 has asked for the wisdom of the Perl Monks concerning the following question:

I must apologize ahead of time if some monks deem this content inappropriate. I am new to website authentication and am not sure if I have all my facts straight. My server is running Win2k with Apache2.0, which I do not believe comes with mod_perl. I was looking for alternatives to user authentication. My idea was have a .htaccess + .htpasswd files and then have a regular CGI script pass the user credintials to the protected page like this http://$username:$passwd@$server/$restrictedPage. Is this acceptable for mediocre security? Also, once a user is logged in, is there some ENV var set that says who is logged in, so that my CGI script can deal with that user directly?

Thanks for your help.

Comment on non-mod_perl authentication Download Code

Replies are listed 'Best First'.
Re: non-mod_perl authentication by Chmrr (Vicar) on Nov 26, 2002 at 15:50 UTC
A quick clarification -- mod_perl is not needed to do HTTP Simple authentication, which is what .htaccess and .htpasswd files will get you by default. Also, mod_perl is easy to get for Apache 2.0 under win32. That being said, this is more of an Apache question than a perl question. You simply need to set up your .htaccess and .htpasswd files correctly, and without any perl programming, you'll get Simple authentication (which may or may not be what you want..) A quick search turned up this quick guide to writing said files. As it notes, $ENV{REMOTE_USER} will be set to the remote user name. mod_perl will come in handy if you want to authenticate against other, more complicated authentication sources. perl -pe '"I lo`+$^X$\"$]!$/"=~m%(.)%s;$_=$1;y^`+*^e v^#$&V"+@( NO CARRIER'	[reply]

Replies are listed 'Best First'.

Re: non-mod_perl authentication
by Chmrr (Vicar) on Nov 26, 2002 at 15:50 UTC

A quick clarification -- mod_perl is not needed to do HTTP Simple authentication, which is what .htaccess and .htpasswd files will get you by default. Also, mod_perl is easy to get for Apache 2.0 under win32.

That being said, this is more of an Apache question than a perl question. You simply need to set up your .htaccess and .htpasswd files correctly, and without any perl programming, you'll get Simple authentication (which may or may not be what you want..) A quick search turned up this quick guide to writing said files. As it notes, $ENV{REMOTE_USER} will be set to the remote user name.

mod_perl will come in handy if you want to authenticate against other, more complicated authentication sources.

perl -pe '"I lo*`+$^X$\"$]!$/"=~m%(.*)%s;$_=$1;y^`+*^e v^#$&V"+@( NO CARRIER'

[reply]