q about LWP::UserAgent credentials()

dan baker

I have figured out how to use LWP::UserAgent and authorization_basic()
to enable POSTing from one script to another under htaccess (in the
same directory on the same server)... However this requires passing
the user's password in clear text, which means I have to have all the
passwords stored in clear text on the server, which I'm not crazy
about for security.

what I'd really like to be able to do is grab the credentials of
whomever is logged in running the first script, and allow them to run
the second script via the UserAgent.

Is this possible?
are the credentials() or get_basic_credentials() the methods to use to
do this?

I've read the docs on these methods, but could not find any real
details or examples about what they do or how to use them. Does anyone
know of a tutorial or example on what these methods can be used for?

thanks,

D
 
Brian McCauley

> I have figured out how to use LWP::UserAgent and authorization_basic()
> to enable POSTing from one script to another under htaccess (in the
> same directory on the same server)... However this requires passing
> the user's password in clear text, which means I have to have all the
> passwords stored in clear text on the server, which I'm not crazy
> about for security.
>
> what I'd really like to be able to do is grab the credentials of
> whomever is logged in running the first script, and allow them to run
> the second script via the UserAgent.
>
> Is this possible?

Are you talking about CGI here?

On some HTTP servers it is possible to configure them to include the
plaintext basic authorization credentials in the CGI environment.

How to do this, of course, has nothing to do with Perl. (On at least
one release of IIS this was the default - which, of course, is not
good).

> are the credentials() or get_basic_credentials() the methods to use to
> do this?

Not as far as I can see - these are for manipulating the HTTP::Request
objects that exist when Perl (LWP) is acting as an HTTP client.

--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
 
gnari

Brian McCauley said:
> Not as far as I can see - these are for manipulating the HTTP::Request
> objects that exist when Perl (LWP) is acting as an HTTP client.

actually, I interpreted the OP's question as that he intended to
call a HTTP::Request to the second script from within the processing
of the first. his problem was that he had not figured a way to
extract the credentials info from his CGI environment.

if he controls the second script he can just do any necessary
changes to it to allow the first script to call it directly.

if he cannot do that, he can make a variant of the second script
to do the same, or just emulate the CGI environment when he calls it.

gnari
 
Brian McCauley

gnari said:
> actually, I interpreted the OP's question as that he intended to
> call a HTTP::Request to the second script from within the processing
> of the first.

So did I.

> his problem was that he had not figured a way to
> extract the credentials info from his CGI environment.

That's what I thought too.

> if he controls the second script he can just do any necessary
> changes to it to allow the first script to call it directly.

You are right, this smells of an XY problem. I only addressed the Y.
You have offered a better solution to what we guess is his X.

A better solution to X is to rip the guts of the second script out
into a module that is used by both scripts - this completely eliminates
the need to spawn a separate process.

> if he cannot do that, he can make a variant of the second script
> to do the same,

Bad idea - that way lies a maintenance headache every time the second
script changes.

> or just emulate the CGI environment when he calls it.

"or just"? This is not trivial - but I think there may be a module to
do it.

--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
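
The module approach suggested in the post above, as an added example that is not code from any poster in this thread: the second script's logic is called in-process with the user name the server already authenticated, so no password is stored or forwarded. The names `My::Report`, `run`, `handle_request` and `%ALLOWED` are hypothetical, and the example assumes the web server sets `REMOTE_USER` after Basic authentication succeeds.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Shared logic of the "second script". In a real tree this package would
# live in its own file (My/Report.pm) and both CGI scripts would `use` it.
package My::Report;    # hypothetical name

# Constructed access list for the demo.
my %ALLOWED = (alice => { sales => 1 }, bob => {});

# Takes the already-authenticated user name; never sees a password.
sub run {
    my ($user, $params) = @_;
    die "no authenticated user\n"
        unless defined $user && length $user;
    my $report = $params->{report} // '';
    die "user '$user' may not read report '$report'\n"
        unless exists $ALLOWED{$user} && $ALLOWED{$user}{$report};
    return "report '$report' generated for $user";
}

package main;

# What the first script does instead of an LWP POST with
# authorization_basic(): an in-process call keyed on REMOTE_USER.
# A real CGI script would pass \%ENV as the first argument.
sub handle_request {
    my ($env, $params) = @_;
    my $out = eval { My::Report::run($env->{REMOTE_USER}, $params) };
    return defined $out ? "200 $out\n" : "403 $@";
}

# Constructed CGI environments: a permitted user, a user without access,
# and a request that reached the script without server authentication.
for my $env ({ REMOTE_USER => 'alice' }, { REMOTE_USER => 'bob' }, {}) {
    print handle_request($env, { report => 'sales' });
}
```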
 
dan baker

gnari said:
> his problem was that he had not figured a way to
> extract the credentials info from his CGI environment.
-------
exactly... I want to simply pass along whatever I need to allow the
second script to run with the same (already logged in) user that is
running the first script.

I CAN load and pass the RemoteUser and Password using
authorization_basic(), but I don't WANT to store the clear text
passwords on the server if I can help it.

d
 
