Hello - I'm working on a Catalyst app, mostly just to amuse myself, that is supposed to be a webmail/calendar/address book/user account management app. All of the user account information, as well as the address book, is stored in an LDAP directory, so authenticating against that is not a problem. I am running into a problem if I want the user to be able to connect to an IMAP server, as that would require that the user provide their username/password again. Here's basically how my app is currently working:
User logs in, auth data is checked against LDAP. Once logged in, the user is trusted to do various things based on my authorization scheme. Say the user wants to check his email. I'm trying to use Net::IMAP::Simple to connect to my IMAP server. However, to log in, the module needs the username and password. So, the two most obvious options are to 1) have the user provide his authentication data again; or 2) store the user's password in the session. Neither sounds like a good idea; the first is just annoying, and the second seems like a security vulnerability. So, does anyone have any advice on how to proceed? One idea I had was to log in to the IMAP server the first time the user logs in to the web app, and then pass around the IMAP object with the session, but that seems kind of ugly. Any ideas? Thanks.
_______________________________________________
List: Catalyst@lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/