Thanks for the tip, true $ENV{REMOTE_USER} is not set unless authenticated
:>
As for the Apache authentication, is there an alternative method of making
this happen other than the pop-up window? ie can I authenticate w/ Apache
through a form?
I thought of the form login so the script would login the individual, then
output a page with the user's account info. Can I make the Apache
authentication point to a CGI script which takes these args (index.html with
a redirect to CGI?). A form-based login would enable picking up user
information for custom post-login pages.
Thanks
..Tom
> -----Original Message-----
> From: Charles Day [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 19, 2000 12:16 PM
> To: 'Kralidis, Tom'
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: maintaining state securely for authentication
>
>
> 1. Apache Authentication, using MySQL to authenticate, and
> use form based
> webpage with perl backend to query MySQL.
>
> 2. Once the directory is secured, you know who they are at
> all times by
> calling $ENV{REMOTE_USER}
>
> Charles Day
> IT
> Symix Systems, Inc.
>
>
>
> -----Original Message-----
> From: Kralidis, Tom [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 19, 2000 11:52 AM
> To: '[EMAIL PROTECTED]'
> Subject: maintaining state securely for authentication
>
>
> Hi,
>
> I'm new to the group, and wonder if anyone would have a
> mod_perl (or even
> CGI) suggestion:
>
> I am writing an online application enabling users to create
> accounts, store
> information, and having the ability to edit/update
> information, provided it
> is under their username.
>
> All information (users, groups, data) will be stored via MySQL. The
> database is interfaced through a web application, using
> mod_perl and CGI
> (Perl).
>
> All users would initially have to login to the system to authenticate
> themselves. All updates, etc. done by the users would follow
> the login, so
> the username/password info would need to be maintain state
> throughout their
> session, while not giving away the information for potential abusers.
>
> Question 1: Apache authentication vs. form-based
> username/password query to
> MySQL? Pros/cons?
>
> Question 2: How can I enable users to updata/edit records in
> the system,
> through the web, while still knowing who they are (as per
> username/password
> login), over multiple pages throughout a session?
>
> I have found scenarios such as hotmail or monster.com good
> examples of what
> I want to accomplish.
>
> If anyone has some info, online explanations or suggestions
> to this, it
> would appreciated.
>
> Thanks alot
>
> ..Tom
>
