[plug] Validating a user/passwd
Steve Grasso
steveg at calm.wa.gov.au
Wed Oct 6 09:49:18 WST 1999
Paul,
>I imagine this will be a simple one.
On first look it appears to be a simple problem, in practice I've found
that solutions for validating/authenticating access for users is almost
never simple!
>I am setting up an CGI web page which will produce certain information for
>the user after they have validated themselves and I want to validate based
>on their login passwords.
Host login password, application login password or directory/file login
password?
As you've no doubt learnt already, directory/file access may be restricted
at the webserver level (Apache, maybe others) by configuring htaccess and
using htpasswd (a la Matt Kemner's email - note the attention he draws to
the dangerous practice of using host login passwords to authenticate access
to htaccess protected directories/files)
If you elect to control access using htaccess/htpasswd, you may find a perl
htaccess admin script written by David Efflandt useful.
(http://www.xnet.com/~efflandt/pub/htpasswd.pl). I've used a heavily
modified version of this successfully to give users some control over their
own passwords for accessing restricted directories, and to make my own
admin job easier.
I've also written a few validation scripts (perl) to control CGI access at
application level. While I can't give you the source (my boss would never
agree!) I'd be happy to give you some off-list pointers if you're interested.
Also, for perl tid-bits, I've found the Perl Annotated Archives - Code with
Commentary by Martin Brown (Mcgraw-Hill, 1999) $89.95 @ Dymocks to be a
useful resource in addition to the ones mentioned by Garry B.
All the best,
Steve
More information about the plug
mailing list