[plug] Validating a user/passwd

Steve Grasso steveg at calm.wa.gov.au
Wed Oct 6 09:49:18 WST 1999


Paul,

>I imagine this will be a simple one.

On first look it appears to be a simple problem; in practice I've found
that solutions for validating/authenticating access for users are almost
never simple!

>I am setting up a CGI web page which will produce certain information for
>the user after they have validated themselves and I want to validate based
>on their login passwords.

Host login password, application login password or directory/file login
password?

As you've no doubt learnt already, directory/file access may be restricted
at the webserver level (Apache, maybe others) by configuring htaccess and
using htpasswd (a la Matt Kemner's email - note the attention he draws to
the dangerous practice of using host login passwords to authenticate access
to htaccess protected directories/files).

If you elect to control access using htaccess/htpasswd, you may find a perl
htaccess admin script written by David Efflandt useful
(http://www.xnet.com/~efflandt/pub/htpasswd.pl). I've used a heavily
modified version of this successfully to give users some control over their
own passwords for accessing restricted directories, and to make my own
admin job easier.

I've also written a few validation scripts (perl) to control CGI access at
application level. While I can't give you the source (my boss would never
agree!) I'd be happy to give you some off-list pointers if you're interested.

Also, for perl tidbits, I've found the Perl Annotated Archives - Code with
Commentary by Martin Brown (McGraw-Hill, 1999) $89.95 @ Dymocks to be a
useful resource in addition to the ones mentioned by Garry B.

All the best,
Steve
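
An added example, not part of the original post and not David Efflandt's script: a small Python audit for the practice warned about above, host login passwords being used for htaccess-protected directories. The function names, the list of host account files and all sample file contents are assumptions constructed for illustration.

```python
import re

# Host account databases (assumed list). An AuthUserFile pointing here means
# the web server is authenticating with host login passwords.
HOST_DBS = {"/etc/passwd", "/etc/shadow", "/etc/master.passwd"}
NO_HASH = {"", "x", "*", "!", "!!"}  # shadowed, locked or empty password fields

def auth_user_file(htaccess_text):
    """Return the AuthUserFile path named in .htaccess text, or None."""
    for line in htaccess_text.splitlines():
        m = re.match(r'\s*AuthUserFile\s+"?([^"\s]+)"?', line, re.IGNORECASE)
        if m:
            return m.group(1)
    return None

def parse_entries(text):
    """Map user -> password field for htpasswd, passwd or shadow style lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            user, field = line.split(":")[:2]
            entries[user] = field
    return entries

def audit(htaccess_text, htpasswd_text, host_text):
    """Return findings where web authentication reuses host login passwords."""
    findings = []
    path = auth_user_file(htaccess_text)
    if path in HOST_DBS:
        findings.append(f"AuthUserFile points at host account database {path}")
    web, host = parse_entries(htpasswd_text), parse_entries(host_text)
    for user, field in sorted(web.items()):
        # An identical hash string means the host hash was copied verbatim.
        # The same password re-hashed with a new salt is not detectable here.
        if field not in NO_HASH and host.get(user) == field:
            findings.append(f"{user}: htpasswd hash is identical to host login hash")
    return findings

# Constructed sample data: the hash strings are placeholders, not real hashes.
HTACCESS = 'AuthType Basic\nAuthName "Reports"\nAuthUserFile /home/web/.htpasswd\nRequire valid-user\n'
HTPASSWD = "alice:PLACEHOLDERhashA\nbob:PLACEHOLDERhashB\n"
HOST_SHADOW = "alice:PLACEHOLDERhashA:10870:0:99999:7:::\nbob:PLACEHOLDERhashC:10870:0:99999:7:::\n"

if __name__ == "__main__":
    for finding in audit(HTACCESS, HTPASSWD, HOST_SHADOW):
        print(finding)
```
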

