q about LWP::UserAgent credentials()

Discussion in 'Perl Misc' started by dan baker, Jan 19, 2004.

  1. dan baker

    dan baker Guest

    I have figured out how to use LWP::UserAgent and authorization_basic()
    to enable POSTing from one script to another under htaccess (in the
    same directory on the same server)... However this requires passing
    the user's password in clear text, which means I have to have all the
    passwords stored in clear text on the server, which I'm not crazy
    about for security.

    what I'd really like to be able to do is grab the credentials of
    whomever is logged in running the first script, and allow them to run
    the second script via the UserAgent.

    Is this possible?
    are the credentials() or get_basic_credentials() the methods to use to
    do this?

    I've read the docs on these methods, but could not find any real
    details or examples about what they do or how to use them. Does anyone
    know of a tutorial or example on what these methods can be used for?

    thanks,

    D
     
    dan baker, Jan 19, 2004
    #1

  2. (dan baker) writes:

    > I have figured out how to use LWP::UserAgent and authorization_basic()
    > to enable POSTing from one script to another under htaccess (in the
    > same directory on the same server)... However this requires passing
    > the user's password in clear text, which means I have to have all the
    > passwords stored in clear text on the server, which I'm not crazy
    > about for security.
    >
    > what I'd really like to be able to do is grab the credentials of
    > whomever is logged in running the first script, and allow them to run
    > the second script via the UserAgent.
    >
    > Is this possible?


    Are you talking about CGI here?

    On some HTTP servers it is possible to configure them to include the
    plaintext basic authorization credentials in the CGI environment.

    How to do this, of course, has nothing to do with Perl. (On at least
    one release of IIS this was the default - which, of course, is not
    good).

    > are the credentials() or get_basic_credentials() the methods to use to
    > do this?


    Not as far as I can see - these are for manipulating the HTTP::Request
    objects that exist within Perl when it (LWP) is acting as an HTTP client.

    --
    \\ ( )
    . _\\__[oo
    .__/ \\ /\@
    . l___\\
    # ll l\\
    ###LL LL\\
     
    Brian McCauley, Jan 20, 2004
    #2

  3. dan baker

    gnari Guest

    "Brian McCauley" <> wrote in message
    news:...
    > (dan baker) writes:
    >
    > > ...
    > > are the credentials() or get_basic_credentials() the methods to use to
    > > do this?
    >
    > Not as far as I can see - these are for manipulating the HTTP::Request
    > objects that exist within Perl when it (LWP) is acting as an HTTP client.
    >


    actually, I interpreted the OP's question as that he intended to
    call a HTTP::Request to the second script from within the processing
    of the first. his problem was that he had not figured a way to
    extract the credentials info from his CGI environment.

    if he controls the second script he can just do any necessary
    changes to it to allow the first script to call it directly.

    if he cannot do that, he can make a variant of the second script
    to do the same, or just emulate the CGI environment when he calls it.

    gnari
     
    gnari, Jan 20, 2004
    #3
  4. "gnari" <> writes:

    > "Brian McCauley" <> wrote in message
    > news:...
    > > (dan baker) writes:
    > >
    > > > ...
    > > > are the credentials() or get_basic_credentials() the methods to use to
    > > > do this?
    > >
    > > Not as far as I can see - these are for manipulating the HTTP::Request
    > > objects that exist within Perl when it (LWP) is acting as an HTTP client.
    > >
    >
    > actually, I interpreted the OP's question as that he intended to
    > call a HTTP::Request to the second script from within the processing
    > of the first.


    So did I.

    > his problem was that he had not figured a way to
    > extract the credentials info from his CGI environment.


    That's what I thought too.

    > if he controls the second script he can just do any necessary
    > changes to it to allow the first script to call it directly.


    You are right, this smells of an XY problem. I only addressed the Y.
    You have offered a better solution to what we guess is his X.

    A better solution to X is to rip the guts of the second script out
    into a module that is used by both scripts - this completely eliminates
    the need to spawn a separate process.

    > if he cannot do that, he can make a variant of the second script
    > to do the same,


    Bad idea - that way lies a maintenance headache every time the second
    script changes.

    > or just emulate the CGI environment when he calls it.


    "or just"? This is not trivial - but I think there may be a module to
    do it.

    --
    \\ ( )
    . _\\__[oo
    .__/ \\ /\@
    . l___\\
    # ll l\\
    ###LL LL\\
     
    Brian McCauley, Jan 20, 2004
    #4
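
The refactoring suggested in the reply above, as an added example that is not part of the original thread: the second script's logic moves into a module that the first script calls in-process, relying on the `REMOTE_USER` value the web server sets after it has checked the Basic auth password, so no password is stored or forwarded. The package name `OrderLogic`, the function names and the sample environment are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. All names here are hypothetical.
use strict;
use warnings;

# --- Shared logic; in practice this lives in its own file (lib/OrderLogic.pm)
# --- and both CGI scripts load it with "use OrderLogic;".
package OrderLogic;

# The work the second CGI script used to do. It receives the already
# authenticated user name and never sees a password.
sub process_submission {
    my (%args) = @_;
    my $user = $args{user};
    die "no authenticated user\n" unless defined $user && length $user;
    die "unexpected characters in user name\n"
        unless $user =~ /\A[\w.\@-]{1,64}\z/;
    my %fields = %{ $args{fields} || {} };
    return { user => $user, accepted => [ sort keys %fields ] };
}

package main;

# The server has already verified the password against the htaccess-protected
# realm; CGI scripts only see the resulting user name (REMOTE_USER) and the
# scheme (AUTH_TYPE). Returns nothing if the request was not authenticated.
sub authenticated_user {
    my ($env) = @_;
    my $type = $env->{AUTH_TYPE} // '';
    my $user = $env->{REMOTE_USER};
    return unless lc($type) eq 'basic' && defined $user && length $user;
    return $user;
}

# Constructed CGI environment for the demonstration; a real script passes \%ENV.
my %sample_env = (
    AUTH_TYPE      => 'Basic',
    REMOTE_USER    => 'dan',
    REQUEST_METHOD => 'POST',
);

my $user = authenticated_user(\%sample_env)
    or die "request was not authenticated\n";

# Direct call replaces the LWP::UserAgent POST to the second script.
my $result = OrderLogic::process_submission(
    user   => $user,
    fields => { item => 'widget', qty => 2 },
);
print "processed for $result->{user}: @{ $result->{accepted} }\n";
```
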
  5. dan baker

    dan baker Guest

    "gnari" <> wrote in message news:<buiq30$a6r$>...
    > his problem was that he had not figured a way to
    > extract the credentials info from his CGI environment.

    -------
    exactly... I want to simply pass along whatever I need to allow the
    second script to run with the same (already logged in) user that is
    running the first script.

    I CAN load and pass the RemoteUser and Password using
    authorization_basic(), but I don't WANT to store the clear text
    passwords on the server if I can help it.

    d
     
    dan baker, Jan 20, 2004
    #5