perl-embperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gavin Carr <ga...@openfusion.com.au>
Subject Re: username and password with basic auth
Date Wed, 14 Sep 2005 03:03:13 GMT
On Tue, Sep 13, 2005 at 09:33:28PM +0200, Dirk Jagdmann wrote:
> I'm currently developing a software which is receiving requests via http
> where username and password are transmitted via HTTP (basic)
> authentication (as base64 encoded string in the HTTP request header).
> The other parameters are transmitted as a GET request, thus encoded into
> the URL of the request.
> 
> If have (yet) not found any way to retrieve the password in my perl
> code. The username is set in the REQUEST_USER environment variable, but
> I did not find out, wherer I can access the password. Is this possible?

I haven't tried it, but you should just be able to get the Authorization
http header (via the apache request) and base64 decode it, giving you a
'username:password' string.

Of course, Basic Authentication is evil, and should only be used for toy
projects (since it doesn't scale) over HTTPS.

> Or would it be possible if I code a custom Auth Handler (as shown in the
> mod_perl manual) and then store the password somewhere where I can
> access it from my (Emb)perl code?

<plug>

Yep. There are lots of ways to do this - my mod_auth_tkt module:

  http://www.openfusion.com.au/labs/mod_auth_tkt/

is one, providing a drop-in replacement for Basic Authentication, 
apache single-signon, yada yada. You'd typically just store the
encrypted password in the auth ticket data section, which shows
up in the REMOTE_USER_DATA environment variable.

</plug>

Cheers,
Gavin


---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org


Mime
View raw message