[cgiapp] Internationalization with Locale::Maketext
Mark Rajcok
mrajcok at gmail.com
Fri Jun 4 17:45:10 EDT 2010
On Thu, Jun 3, 2010 at 1:06 AM, Jerry Kaidor <jerry at tr2.com> wrote:
> The next step is to figure out an access control scheme. I have to do
> that up front, because access control is part of the forest of run modes.
> What's the 800-pound gorilla among access control schemes that works well
> with cgiapp?
>
> Right now, I use a couple of things: First, the webserver demands HTTPS
> for the cgi directories. Second, I use basic authentication. I use it
> because somebody else who knew what they were doing wrote it :). Third,
> I use my own login/password screen. When a user logs in, an MD5 hash is
> created off of all the interesting and unique things I could easily
> find. Things like the username, the IP address of his computer, the
> exact time when he logged in, etc etc. The hash is stored in an SQL
> table of sessions, which also includes times of last use. The session
> ID and hash are passed around as CGI parameters and verified for each
> page. A housekeeping cron task ages out unused sessions. There is also
> a system of permissions for each user. As I develop my code I keep
> finding individual actions that are worth adding a permission for.
>
> I am sure that my system is quite broken, and there is much better stuff
> out there :).
>
Hi Jerry,
I use CGI::Application::Plugin::Authentication, with a database backend for
storing user info and sessions. The module will handle creating and
managing user sessions for you, including configurable session timeouts. It
also checks that a user is authorized to see a particular web page (run
mode). I've found the module very useful.
You will still need your housekeeping cron job.
An example cron job is also here:
http://cgi-app.org/index.cgi?CgiApplicationPluginSessionExample
Working examples of CAP::Authentication:
http://www.perlmonks.org/?node_id=622071
http://docs.google.com/Doc?id=dd363fg9_77gb4hdh7b
For authorization (permissions) have a look at
CGI::Application::Plugin::Authorization.
(For a project I'm currently working on, I rolled my own (much less feature
rich) authorization plugin, to minimize the number of hits to the database).
-- Mark R.
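
Added example, not part of Mark's message or of the plugin's own documentation: a minimal CGI::Application subclass wired up with CGI::Application::Plugin::Authentication, showing a session-backed login store, idle and absolute timeouts, and protected run modes. The package name, run mode names, demo account and the check_login callback are assumptions made for illustration.

```perl
package MyApp;   # hypothetical application class
use strict;
use warnings;
use base 'CGI::Application';
use CGI::Application::Plugin::Session;
use CGI::Application::Plugin::Authentication;

# Constructed demo account. A real check would query the users table and
# compare a salted, slow password hash.
my %DEMO_USERS = ( alice => 'constructed-demo-password' );

# Callback for the Generic driver: receives the submitted credentials and
# returns the username on success, undef on failure.
sub check_login {
    my ($username, $password) = @_;
    return undef unless defined $username && defined $password;
    my $expected = $DEMO_USERS{$username};
    return undef unless defined $expected && $expected eq $password;
    return $username;
}

__PACKAGE__->authen->config(
    DRIVER => [ 'Generic', \&check_login ],
    STORE  => 'Session',     # login state is kept in the CGI::Session session
    LOGIN_SESSION_TIMEOUT => {
        IDLE_FOR => '30m',   # log out after 30 minutes without a request
        EVERY    => '1d',    # force a fresh login once a day
    },
);

# Unauthenticated requests for these run modes get the login form instead.
__PACKAGE__->authen->protected_runmodes(qw(report admin));

sub cgiapp_init {
    my $self = shift;
    # Only send the session cookie over HTTPS.
    $self->session_config( COOKIE_PARAMS => { -secure => 1 } );
}

sub setup {
    my $self = shift;
    $self->start_mode('home');
    $self->run_modes([qw(home report admin)]);
}

sub home   { return 'public page' }
sub report { my $self = shift; return 'report for ' . $self->authen->username }
sub admin  { return 'admin page' }

1;
```

The timeouts only end a login when a request arrives, so expired session rows stay in the session table until the housekeeping cron job removes them.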