Newbie question-- Perl pw authentication without pop-up prompt

Discussion in 'Perl' started by Mike O'Leary, Apr 22, 2004.

  1. Mike O'Leary

    Mike O'Leary Guest

    Hello, forgive me if this is the worng group to be asking this in, but I
    hope you guys can help this relative newbie out. My boss is looking to
    password protect certain areas of the server, but with the following
    stipulation: The username and password must be entered in a form, and
    not using the standard .htaccess pop-up window. He's specifically
    looking for either of the following:

    1) A perl script that utilizes the .htaccess protections of the
    company's Apache server, but doesn't bring up the pop-up password box.

    2) Something that completely foregoes .htaccess, but still provides
    similar protection using a login page.

    So far we've tried a program called Locked Area Lite, which is an
    excellent program that did exactly what we needed except for one
    problem: A change from Internet Explorer 5 to Internet Explorer 6 has
    eliminated the method that Locked Area used to send the password via an
    html page.

    We also have a copy of the Cgi-Perl Cookbook, which has a script called
    authenticate.cgi, but it never seemed to work.

    I've checked through groups.google.com and have sifted through numerous
    posts but none of which have given us a solution.

    Also, in your opinion, is a perl/cgi based authentication setup secure.
    I've seen a few newsgroup posts that hint it's not as effective as
    ..htaccess, but I'd be curious to know if it would be best not to use on
    a company web server.

    Thank you for your time. Any assistance is appreciated.

    Mike O
     
    Mike O'Leary, Apr 22, 2004
    #1
    1. Advertising

  2. Mike O'Leary

    Guest

    Mike O'Leary <> wrote in message news:<>...
    > Hello, forgive me if this is the worng group


    This newsgroup does not exist. It is definitely the wrong group in
    all cases. Even if it did exist it would probablty be wrong.


    > My boss is looking to
    > password protect certain areas of the server, but with the following
    > stipulation: The username and password must be entered in a form, and
    > not using the standard .htaccess pop-up window. He's specifically
    > looking for either of the following:
    >
    > 1) A perl script that utilizes the .htaccess protections of the
    > company's Apache server, but doesn't bring up the pop-up password box.
    >
    > 2) Something that completely foregoes .htaccess, but still provides
    > similar protection using a login page.
    >
    > So far we've tried a program called Locked Area Lite, which is an
    > excellent program that did exactly what we needed except for one
    > problem: A change from Internet Explorer 5 to Internet Explorer 6 has
    > eliminated the method that Locked Area used to send the password via an
    > html page.
    >
    > We also have a copy of the Cgi-Perl Cookbook, which has a script called
    > authenticate.cgi, but it never seemed to work.


    CGI is the wrong tool is you want Apache to serve up regular static
    content but want to hook in to the authentication phase. You probably
    should use a cookie-based authentication module for Apache mod_perl
    e.g. Apache::AuthCookie.

    If you don't want to be cookie dependant there's also
    Apache::AuthCookieURL but it strikes me that it would be better to
    require cookies. After all this is precisely why cookies exist.

    > I've checked through groups.google.com and have sifted through numerous
    > posts but none of which have given us a solution.
    >
    > Also, in your opinion, is a perl/cgi based authentication setup secure.
    > I've seen a few newsgroup posts that hint it's not as effective as
    > .htaccess,


    That would depend on many factors. So long as access (other than web
    access) to your web server is restricted to trusted persons then all
    authentication schemes that involve transmitting a plain-text
    equivalent password are as strong or as weak as the tranmission
    channel.
     
    , Apr 23, 2004
    #2
    1. Advertising

  3. Mike O'Leary

    Mike O'Leary Guest

    Thank you! You've been beyond helpful. We'll do some more research here
    and hopefully this will all work out.

    Mike O.
     
    Mike O'Leary, Apr 23, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. whidy
    Replies:
    2
    Views:
    632
    Xavier MT
    Aug 19, 2003
  2. gaurav kashyap
    Replies:
    2
    Views:
    623
    gaurav kashyap
    Oct 30, 2008
  3. gaurav kashyap
    Replies:
    3
    Views:
    690
    gaurav kashyap
    Oct 31, 2008
  4. Mel
    Replies:
    10
    Views:
    3,142
    Sailaja Appi
    Feb 13, 2009
  5. Mmcolli00 Mom
    Replies:
    6
    Views:
    154
    David Palacio
    Dec 12, 2008
Loading...

Share This Page