Date: Wed, 14 Sep 2005 13:03:13 +1000
From: Gavin Carr
To: embperl@perl.apache.org
Subject: Re: username and password with basic auth

On Tue, Sep 13, 2005 at 09:33:28PM +0200, Dirk Jagdmann wrote:
> I'm currently developing a software which is receiving requests via http
> where username and password are transmitted via HTTP (basic)
> authentication (as base64 encoded string in the HTTP request header).
> The other parameters are transmitted as a GET request, thus encoded into
> the URL of the request.
>
> I have (yet) not found any way to retrieve the password in my perl
> code. The username is set in the REQUEST_USER environment variable, but
> I did not find out where I can access the password. Is this possible?

I haven't tried it, but you should just be able to get the Authorization
http header (via the apache request) and base64 decode it, giving you a
'username:password' string.

Of course, Basic Authentication is evil, and should only be used for toy
projects (since it doesn't scale) over HTTPS.

> Or would it be possible if I code a custom Auth Handler (as shown in the
> mod_perl manual) and then store the password somewhere where I can
> access it from my (Emb)perl code?

Yep. There are lots of ways to do this - my mod_auth_tkt module:

  http://www.openfusion.com.au/labs/mod_auth_tkt/

is one, providing a drop-in replacement for Basic Authentication, apache
single-signon, yada yada. You'd typically just store the encrypted
password in the auth ticket data section, which shows up in the
REMOTE_USER_DATA environment variable.

Cheers,
Gavin
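
The header decoding suggested in the reply above, as an added example that is not part of the original message: a Perl helper (`parse_basic_auth` is a hypothetical name) that validates an Authorization header value, base64-decodes it and splits on the first colon only. The sample headers and credentials are constructed.

```perl
#!/usr/bin/perl
# Added example (not from the original thread): decode an HTTP Basic
# Authorization header value into username and password.
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# parse_basic_auth() is a hypothetical helper. It returns (username, password),
# or an empty list if the value is not a well-formed Basic credential.
# Assumption: under mod_perl the value would be read from the request object,
# e.g. $r->headers_in->{'Authorization'}; the thread does not show this call.
sub parse_basic_auth {
    my ($header) = @_;
    return unless defined $header;

    # The scheme name is case-insensitive; the credentials are one base64 token.
    my ($b64) = $header =~ m!\A\s*Basic\s+([A-Za-z0-9+/]+={0,2})\s*\z!i
        or return;
    # decode_base64 silently skips bad input, so check the length ourselves.
    return if length($b64) % 4;

    my $decoded = decode_base64($b64);

    # Split on the FIRST colon only: a username cannot contain ':',
    # but a password can.
    my ($user, $pass) = split /:/, $decoded, 2;
    return unless defined $pass && length $user;
    return ($user, $pass);
}

# Constructed sample inputs; the credentials are made up.
my @samples = (
    'Basic ' . encode_base64('alice:s3cr:et', ''),   # password contains ':'
    'basic ' . encode_base64('nocolon', ''),         # no separator
    'Bearer abc',                                    # different scheme
    undef,                                           # header absent
);

for my $h (@samples) {
    my @cred = parse_basic_auth($h);
    if (@cred) {
        # Never log the password itself; report only its length.
        printf "user=%s password_length=%d\n", $cred[0], length $cred[1];
    } else {
        print "rejected\n";
    }
}
```

Base64 here is an encoding, not encryption, so any code path that handles the decoded value (logs, error pages, environment variables passed to child processes) sees the cleartext password.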