CGI::Ex::Auth

CGI::Ex::Auth is a Perl module to handle logins nicely.

CGI::Ex::Auth Ranking & Summary

  • License: Perl Artistic License
  • Price: FREE
  • Publisher Name: Paul Seamons
  • Publisher web site: http://search.cpan.org/~rhandom/

CGI::Ex::Auth Description

CGI::Ex::Auth is a Perl module to handle logins nicely.

SYNOPSIS

    use CGI::Ex::Auth;

    ### authorize the user
    my $auth = CGI::Ex::Auth->get_valid_auth({
        get_pass_by_user => \&get_pass_by_user,
    });

    sub get_pass_by_user {
        my $auth = shift;
        my $user = shift;
        my $pass = some_way_of_getting_password($user);
        return $pass;
    }

    ### OR - if you are using an OO based CGI or Application
    sub require_authentication {
        my $self = shift;

        return $self->{'auth'} = CGI::Ex::Auth->get_valid_auth({
            get_pass_by_user => sub {
                my ($auth, $user) = @_;
                return $self->get_pass($user);
            },
        });
    }

    sub get_pass {
        my ($self, $user) = @_;
        return $self->lookup_and_cache_pass($user);
    }

CGI::Ex::Auth allows for auto-expiring, safe and easy web based logins. Auth uses JavaScript modules that perform MD5 hashing to cram the password on the client side before passing it over the internet.

For the stored cookie you can choose to use simple cram mechanisms, secure hash cram tokens, auto expiring logins (not cookie based), and Crypt::Blowfish protection. You can also choose to keep passwords plaintext and to use Perl's crypt for testing passwords.

A theoretical downside to this module is that it does not use a session to preserve state, so get_pass_by_user has to happen on every request (any authenticated area has to verify authentication each time). In theory you should be checking the password every time a user makes a request to make sure the password is still valid. A definite plus is that you don't need to use a session if you don't want to. It is up to the interested reader to add caching to the get_pass_by_user method.

In the end, the only truly secure login method is across an https connection. Any connection across non-https (non-secure) is susceptible to cookie hijacking or TCP hijacking - though the possibility of this is normally small and typically requires access to a machine somewhere in your TCP chain. If in doubt - you should try to use https.
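
The description leaves caching of get_pass_by_user to the reader. The following is an added example, not code from CGI::Ex::Auth or its author, of one way to do it with a short time-to-live, so that a changed or revoked password stops being accepted once the cached entry expires. The names make_cached_lookup and $cached, the 60-second TTL and the in-memory backend are assumptions made for the illustration.

```perl
use strict;
use warnings;

# Wrap a slow password lookup in a per-process cache with a short TTL.
# make_cached_lookup and its arguments are hypothetical, not module API.
sub make_cached_lookup {
    my ($lookup, $ttl, $clock) = @_;
    $clock ||= sub { time };
    my %cache;    # user => [ expires_at, pass ]

    # Same calling convention as get_pass_by_user: ($auth, $user).
    return sub {
        my ($auth, $user) = @_;
        my $now   = $clock->();
        my $entry = $cache{$user};
        return $entry->[1] if $entry && $entry->[0] > $now;

        delete $cache{$user};             # drop the expired entry, if any
        my $pass = $lookup->($user);
        # Misses are not cached: a newly created account works at once and
        # unknown usernames cannot grow the cache without bound.
        $cache{$user} = [ $now + $ttl, $pass ] if defined $pass;
        return $pass;
    };
}

# Constructed demo data: a fake backend that counts how often it is queried.
my %backend = (alice => 'constructed-sample-secret');
my $hits    = 0;
my $now     = 1_000;
my $cached  = make_cached_lookup(
    sub { $hits++; $backend{ $_[0] } },
    60,              # TTL in seconds: the longest a stale password is honoured
    sub { $now },    # injectable clock so expiry can be shown without sleeping
);

$cached->(undef, 'alice') for 1 .. 3;     # first call queries, next two are cached
print "backend lookups after 3 requests: $hits\n";

$backend{alice} = 'constructed-rotated-secret';   # password changed at the source
my $stale = $cached->(undef, 'alice');            # still inside the TTL window
$now += 61;                                       # TTL elapses
my $fresh = $cached->(undef, 'alice');            # cache refetches from the backend
print "within TTL: $stale\nafter TTL:  $fresh\nbackend lookups: $hits\n";

# With the module described on this page, the closure is passed as the callback:
#   CGI::Ex::Auth->get_valid_auth({ get_pass_by_user => $cached });
```

The cache lives in process memory, so under a forking or multi-worker server each worker keeps its own copy and its own expiry times.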
Requirements:

  • Perl

