perl-embperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gavin Carr <>
Subject Re: username and password with basic auth
Date Wed, 14 Sep 2005 03:03:13 GMT
On Tue, Sep 13, 2005 at 09:33:28PM +0200, Dirk Jagdmann wrote:
> I'm currently developing a software which is receiving requests via http
> where username and password are transmitted via HTTP (basic)
> authentication (as base64 encoded string in the HTTP request header).
> The other parameters are transmitted as a GET request, thus encoded into
> the URL of the request.
> If have (yet) not found any way to retrieve the password in my perl
> code. The username is set in the REQUEST_USER environment variable, but
> I did not find out, wherer I can access the password. Is this possible?

I haven't tried it, but you should just be able to get the Authorization
http header (via the apache request) and base64 decode it, giving you a
'username:password' string.

Of course, Basic Authentication is evil, and should only be used for toy
projects (since it doesn't scale) over HTTPS.

> Or would it be possible if I code a custom Auth Handler (as shown in the
> mod_perl manual) and then store the password somewhere where I can
> access it from my (Emb)perl code?


Yep. There are lots of ways to do this - my mod_auth_tkt module:

is one, providing a drop-in replacement for Basic Authentication, 
apache single-signon, yada yada. You'd typically just store the
encrypted password in the auth ticket data section, which shows
up in the REMOTE_USER_DATA environment variable.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message