Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > Perl Misc > Apache vs custom authentication & authorization

Reply
Thread Tools

Apache vs custom authentication & authorization

 
 
Charles Packer
Guest
Posts: n/a
 
      07-26-2007
For the "existing suite of CGI scripts"
mentioned in the earlier thread "Streamlining
login..." it turns out that our Leader
opposes Apache authentication and
authorization. The main objections are,
first, that it takes sysadmin-level
knowledge to add a new user or set up a new
level of privilege, and second, that
authorization is tied to the directory
structure of the affected scripts.

Therefore I'm thinking of a custom-made
approach that would start with a browser form
to be used by an operator to add new
users and indicate which processes they may
run. Then it looks like the CGI::Auth module
or, even better, CGI::Auth::Auto is what to
use for authentication, assuming that I'm
able to maintain its files with the
above-mentioned browser tool. As I
understand it, at the start of every
sensitive script I would call check(),
which would handle the authentication,
including possible session timeout. It
will present a login page of my own design,
right? Then I would be on my own for the
authorization step, i.e. determining whether
this user is allowed to execute this script.
Presumably this would involve checking a
list that would be maintained by the operator
through the same browser tool that that's
used to add users. Anybody see any problems
with this? No news will be good news...

--
Charles Packer
http://cpacker.org/whatnews
mailboxATcpacker.org

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache User/Pass - 401 Authorization Required Kleber A. Ruby 0 03-28-2011 03:36 AM
Complicated Custom Authentication/Authorization scheme question, Please HELP! Allawy ASP .Net Security 0 08-18-2008 10:00 PM
URL Authorization does not override File Authorization? SeanRW ASP .Net Security 1 05-25-2006 06:18 AM
Custom Authentication and Authorization coollzh ASP .Net 1 04-14-2004 06:56 AM
authorization and authentication in Web.config ASP .Net 0 11-03-2003 10:30 AM



Advertisments