Re: [cgiapp] Directory structure for website

["Sean Davis" <suppressed>]

> Pardon my supreme ignorance ;), but can someone explain what authz/authen
> is?

Sorry for being opaque, Scott.  And thanks, Michael for the detailed answer.

Just to elaborate on authz/authen:  Authz is short for authorization and 
authen is short for Authentication.  These are formally separate phases of 
security.  Michael adds Access, correctly, to that list.  In a web setting, 
access control is used to limit access to a location or site based on 
non-personal information like domain from which the request is coming, time 
of day, day of week, hit limits, etc.  Authentication is what most people 
think of when security is involved--it is the process of determining who the 
user is and guaranteeing that identity; it often involves user/password 
combinations, but can be more or less complicated.  Authentication comes 
after authentication and is the process of determining that the user from 
the authen step is allowed (or not) to access a specific resource (page). 
There is a logical order->Access->Authentication->Authorization.

See the apache website for a (mudh) more detailed discussion.

Hope this helps.

Sean


> > Sean Davis wrote:
> > > This is a bit off-topic....
> > >
> > > I have a cgi::app running as a mod_perl handler.  I handle authen/authz
> > > via the handler, also, and log username with each request.  This all
> > > works as expected.  However, I also serve static HTML, CSS, and images
> > > as part of the site, some of which are shared between other cgi::apps.
> > > I would like to move away from keeping all this extraneous material in
> > > htdocs toward having project-specific directories to improve my own
> > > sanity, not to mention things like logging and access control.  Any
> > > suggestions on how to do this in a mod_perl framework (or
> > > best-practices, in general)?  Below is what I have in my httpd.conf 
> > > file
> > > right now.
> >
> >
> > Right now, I think one of the best examples of best practices when using
> > C::A in a large project that runs under mod_perl is krang
> > (http://krang.sourceforge.net).
> >
> > I am also planning on releasing (sometime in the next few months) the
> > source for an application that I've been doing on the side. Krang uses
> > H::T, CGI and Class::MethodMaker, where as my app uses TT,
> > Apache::Request and Class::DBI. Two sides of the same C::A coin.
> >
> > I think the general directory layout (relative to the project root) is
> > something like...
> >
> > /lib     => perl modules
> > /conf     => configuration files
> > /templates  => template files
> > /logs       => application logs
> > /bin        => any scripts for starting/stoping/testing/etc
> > /htdocs     => images, css, javascript, etc
> >
> > I use CGI::Application::Dispatch to make urls easier, get rid or
> > instance scripts (or make my httpd.conf file cleaner) and have my
> > authz/authen be based on the path. Assuming my project is in
> > '/sites/myapp' my httpd.conf (or at least my application specific
> > portion in a vhost) file might look something like this:
> >
> > DocumentRoot        /sites/myapp/htdocs
> >
> > <Directory "/sites/myapp/htdocs">
> >      Options         Indexes
> >      AllowOverride   None
> >      Order           allow,deny
> >      Allow           from all
> > </Directory>
> >
> > ErrorLog            /sites/myapp/logs/error_log
> > PerlRequire         /sites/myapp/conf/startup.pl
> > PerlTaintCheck      On
> > PerlModule          MyApp::Handler
> >
> > <Location /app>
> >      SetHandler          perl-script
> >      PerlHandler         CGI::Application::Dispatch
> >      PerlSetVar          CGIAPP_DISPATCH_PREFIX MyApp
> >      PerlSetVar          CGIAPP_DISPATCH_RM On
> >      PerlSetVar          CGIAPP_DISPATCH_DEFAULT public
> >
> >      AuthType            MyApp::Handler
> >      AuthName            myapp
> >      PerlAccessHandler   MyApp::Handler->access
> >      PerlAuthenHandler   MyApp::Handler->authen
> >      PerlAuthzHandler    MyApp::Handler->authz
> > </Location>
> >
> >
> > <LocationMatch "/app/admin_.*">
> >      Require group admin
> > </LocationMatch>
> >
> > <LocationMatch "/app/member_.*">
> >      Require group member
> > </LocationMatch>
> >
> > Then I just define what a group of 'member' and 'admin' mean in
> > MyApp::Handler.
> >
> >  > Do I need to move authen/authz out of my cgi::app to
> >  > accomplish the task--I think I probably do.
> >
> > Not necessarily, but I think it'd be a good idea to keep them separate.
> > But that's more for organization than for any limitation of 
> > mod_perl/C::A.
> >
> > --
> > Michael Peters
> > Developer
> > Plus Three, LP
> >
> >
> > ---------------------------------------------------------------------
> > Web Archive:  http://www.mail-archive.com/suppressed/
> >               http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
> > To unsubscribe, e-mail: suppressed
> > For additional commands, e-mail: suppressed



---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/suppressed/
             http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed