Yes, thanks guys for clearing that up. I was the shorthand and Apache names
that confused me, not being too familiar with Apache, using IIS moreso [dont
hate me ;)]
But, this has given me some very useful information, thanks again!
Scott
----- Original Message -----
From: "Sean Davis" <suppressed>
To: "Scott Prelewicz" <suppressed>; "Michael Peters"
<suppressed>
Cc: "cgiapp" <suppressed>
Sent: Tuesday, February 22, 2005 5:59 PM
Subject: Re: [cgiapp] Directory structure for website
>
> > Pardon my supreme ignorance ;), but can someone explain what
authz/authen
> > is?
>
> Sorry for being opaque, Scott. And thanks, Michael for the detailed
answer.
>
> Just to elaborate on authz/authen: Authz is short for authorization and
> authen is short for Authentication. These are formally separate phases of
> security. Michael adds Access, correctly, to that list. In a web
setting,
> access control is used to limit access to a location or site based on
> non-personal information like domain from which the request is coming,
time
> of day, day of week, hit limits, etc. Authentication is what most people
> think of when security is involved--it is the process of determining who
the
> user is and guaranteeing that identity; it often involves user/password
> combinations, but can be more or less complicated. Authentication comes
> after authentication and is the process of determining that the user from
> the authen step is allowed (or not) to access a specific resource (page).
> There is a logical order->Access->Authentication->Authorization.
>
> See the apache website for a (mudh) more detailed discussion.
>
> Hope this helps.
>
> Sean
>
>
> >> Sean Davis wrote:
> >> > This is a bit off-topic....
> >> >
> >> > I have a cgi::app running as a mod_perl handler. I handle
authen/authz
> >> > via the handler, also, and log username with each request. This all
> >> > works as expected. However, I also serve static HTML, CSS, and
images
> >> > as part of the site, some of which are shared between other
cgi::apps.
> >> > I would like to move away from keeping all this extraneous material
in
> >> > htdocs toward having project-specific directories to improve my own
> >> > sanity, not to mention things like logging and access control. Any
> >> > suggestions on how to do this in a mod_perl framework (or
> >> > best-practices, in general)? Below is what I have in my httpd.conf
> >> > file
> >> > right now.
> >>
> >>
> >> Right now, I think one of the best examples of best practices when
using
> >> C::A in a large project that runs under mod_perl is krang
> >> (http://krang.sourceforge.net).
> >>
> >> I am also planning on releasing (sometime in the next few months) the
> >> source for an application that I've been doing on the side. Krang uses
> >> H::T, CGI and Class::MethodMaker, where as my app uses TT,
> >> Apache::Request and Class::DBI. Two sides of the same C::A coin.
> >>
> >> I think the general directory layout (relative to the project root) is
> >> something like...
> >>
> >> /lib => perl modules
> >> /conf => configuration files
> >> /templates => template files
> >> /logs => application logs
> >> /bin => any scripts for starting/stoping/testing/etc
> >> /htdocs => images, css, javascript, etc
> >>
> >> I use CGI::Application::Dispatch to make urls easier, get rid or
> >> instance scripts (or make my httpd.conf file cleaner) and have my
> >> authz/authen be based on the path. Assuming my project is in
> >> '/sites/myapp' my httpd.conf (or at least my application specific
> >> portion in a vhost) file might look something like this:
> >>
> >> DocumentRoot /sites/myapp/htdocs
> >>
> >> <Directory "/sites/myapp/htdocs">
> >> Options Indexes
> >> AllowOverride None
> >> Order allow,deny
> >> Allow from all
> >> </Directory>
> >>
> >> ErrorLog /sites/myapp/logs/error_log
> >> PerlRequire /sites/myapp/conf/startup.pl
> >> PerlTaintCheck On
> >> PerlModule MyApp::Handler
> >>
> >> <Location /app>
> >> SetHandler perl-script
> >> PerlHandler CGI::Application::Dispatch
> >> PerlSetVar CGIAPP_DISPATCH_PREFIX MyApp
> >> PerlSetVar CGIAPP_DISPATCH_RM On
> >> PerlSetVar CGIAPP_DISPATCH_DEFAULT public
> >>
> >> AuthType MyApp::Handler
> >> AuthName myapp
> >> PerlAccessHandler MyApp::Handler->access
> >> PerlAuthenHandler MyApp::Handler->authen
> >> PerlAuthzHandler MyApp::Handler->authz
> >> </Location>
> >>
> >>
> >> <LocationMatch "/app/admin_.*">
> >> Require group admin
> >> </LocationMatch>
> >>
> >> <LocationMatch "/app/member_.*">
> >> Require group member
> >> </LocationMatch>
> >>
> >> Then I just define what a group of 'member' and 'admin' mean in
> >> MyApp::Handler.
> >>
> >> > Do I need to move authen/authz out of my cgi::app to
> >> > accomplish the task--I think I probably do.
> >>
> >> Not necessarily, but I think it'd be a good idea to keep them separate.
> >> But that's more for organization than for any limitation of
> >> mod_perl/C::A.
> >>
> >> --
> >> Michael Peters
> >> Developer
> >> Plus Three, LP
> >>
> >>
> >> ---------------------------------------------------------------------
> >> Web Archive: http://www.mail-archive.com/suppressed/
> >> http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
> >> To unsubscribe, e-mail: suppressed
> >> For additional commands, e-mail: suppressed
> >>
> >>
> >>
> >
>
>
>
> ---------------------------------------------------------------------
> Web Archive: http://www.mail-archive.com/suppressed/
> http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
> To unsubscribe, e-mail: suppressed
> For additional commands, e-mail: suppressed
>
>
>
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.