perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tosh Cooey <t...@1200group.com>
Subject Re: mod_perl waters too deep
Date Mon, 14 Dec 2009 16:25:02 GMT
Hi Randal, sorry my message wasn't concise enough, perhaps I was letting 
the haze of it reflect my haze of this problem...

Anyway, this is not a hosting environment.  This is an application, for 
example like GMail for Business is an email application that lets a 
business, like mine, go to:

http://mail.google.com/a/1200group.com/

There my users can log in and check their mails.

I assume the "1200group.com" is being used as a key to identify which 
database to lookup the users in, or something similar.

I want to accomplish the same:

http://www.site.com/clientA/calendar.pl

So all users of "clientA", if they go to the above link, would be 
prompted to log in and my MyAuthCookieDBI would handle this on the fly.

On a side note, Matisse Enzer the author of Apache2::AuthCookieDBI just 
informed me that I can override the methods in his module like this:

*Apache2::AuthCookieDBI::_dbi_connect = sub { # your code goes here };

So there seems to be some light at the end of the tunnel, but I do see a 
large truck coming towards me in the form of the next problem which is I 
need different authentication methods for different uses of my 
application.  I'm not too sure if I can change Auth methods on the fly 
in MyAuthCookieDBI, or if I need to assign these different 
authentication schemes to different path directives.  I suspect the 
small light at the end of my tunnel is in fact a bullet train...

Thanks again for letting me clarify Randal!

Tosh



Randal L. Schwartz wrote:
>>>>>> "Tosh" == Tosh Cooey <tosh@1200group.com> writes:
> 
> Tosh> I want to setup an application for multiple clients, each of whom have their
> Tosh> own users.
> 
> Tosh> http://www.site.com/clientA/application.pl
> Tosh> http://www.site.com/clientB/application.pl
> Tosh> http://www.site.com/clientX/application.pl
> 
> Just an aside, but
> 
> (a) can your clients load their own code onto the server without you
>     intervening, and if so
> (b) do all of your clients *absolutely* trust each other?
> 
> I'm saying this because I'm not sure if you realize that the trust domain for
> mod_perl is the entire server.  If I can upload code to the same server you're
> using, I can mess up your day, pretty bad, because the Perl interpreters are
> necessarily shared.
> 
> For example, I can patch the loaded CGI.pm so that if it sees your code and a
> secret extra parameter, it automatically gives me complete access to your
> data.
> 
> This is why there are no "shared hosting" plans for mod_perl that don't
> require running completely separate clusters of apache servers.  There's
> nothing like "su-exec" for mod_perl - it's not even possible.
> 

-- 
McIntosh Cooey - Twelve Hundred Group LLC - http://www.1200group.com/

Mime
View raw message