
Re: [cgiapp] authentication -- is this the best way to do it?


> This seems to be working well but my question is is there a better way?

Hi Jaldhar,

In my experiences with Perl and C::A, I've discovered that there's
always a better way. The question is whether it's worth the effort to
pursue. Against the advice of the C::A creator, I and many others on the
list have successfully used this method of authenticating and
authorizing access to runmodes.

However, I have begun to take Jesse's advice to use Apache's (or
whatever webserver you are using) built-in support for authen/authz
phases to reduce the amount of code I write. I use Apache::Cookie which
works fine for authentication (determining that a user is who s/he says
s/he is) but I have not used it to do authorization (granting access to
pages based on rights).

In some respects, the method you've described seems easier to me for
handling authorization. Cees' suggestion from the Wiki[1] is to break out
runmodes into separate modules to handle authorization. It's workable
but sometimes seems a bit redundant.

Not much of an answer but perhaps some fodder for you.


William

[1] http://twiki.med.yale.edu/twiki2/bin/view/CGIapp/Authentication

-- 
Knowmad Services Inc.
http://www.knowmad.com
