1. Apache Authentication, using MySQL to authenticate, and use form based
webpage with perl backend to query MySQL.
2. Once the directory is secured, you know who they are at all times by
calling $ENV{REMOTE_USER}
Charles Day
IT
Symix Systems, Inc.
-----Original Message-----
From: Kralidis, Tom [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 19, 2000 11:52 AM
To: '[EMAIL PROTECTED]'
Subject: maintaining state securely for authentication
Hi,
I'm new to the group, and wonder if anyone would have a mod_perl (or even
CGI) suggestion:
I am writing an online application enabling users to create accounts, store
information, and having the ability to edit/update information, provided it
is under their username.
All information (users, groups, data) will be stored via MySQL. The
database is interfaced through a web application, using mod_perl and CGI
(Perl).
All users would initially have to login to the system to authenticate
themselves. All updates, etc. done by the users would follow the login, so
the username/password info would need to be maintain state throughout their
session, while not giving away the information for potential abusers.
Question 1: Apache authentication vs. form-based username/password query to
MySQL? Pros/cons?
Question 2: How can I enable users to updata/edit records in the system,
through the web, while still knowing who they are (as per username/password
login), over multiple pages throughout a session?
I have found scenarios such as hotmail or monster.com good examples of what
I want to accomplish.
If anyone has some info, online explanations or suggestions to this, it
would appreciated.
Thanks alot
..Tom
