
Re: [cgiapp] CA::Plugin::Authentication and CA::Plugin::Forward



Cees Hek wrote:

> I usually don't run into this problem, since I either protect all
> runmodes in an app module, or I don't protect any.  By separating out
> the runmodes into modules according to their task this becomes pretty
> easy.

This is my approach too. It also allows me to control access based on URL
using mod_auth_tkt and CGI::Application::Dispatch. So a module named
"MyApp::Admin::Reports" could have a url like "/app/admin_reports" and I can
have a mod_auth_tkt rule like this in httpd.conf:

  <LocationMatch /app/admin_*>
    TKTAuthToken admin
  </LocationMatch>

This allows me to not only abstract out the auth from the application, but to
have it enforced at the Apache level which protects not just the dynamic stuff,
but allows me to use the same auth scheme to protect everything else (images,
pdfs, etc).

-- 
Michael Peters
Developer
Plus Three, LP
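
An added example, not part of the original message or of any project mentioned in it: a small Python audit that checks which dispatched URLs the LocationMatch rule above actually covers, given that LocationMatch treats its argument as an unanchored regular expression. It assumes the module-to-URL naming shown in the message; the module list, the "Admin" namespace check and the anchored pattern are constructed for illustration.

```python
import re

# Pattern exactly as written in the <LocationMatch> above. LocationMatch takes a
# regular expression and matches it unanchored, so "_*" is "zero or more '_'".
AS_POSTED = r"/app/admin_*"
# Assumed tighter variant (not from the message): anchored, literal underscore.
ANCHORED = r"^/app/admin_"

# Constructed module list for the audit.
MODULES = [
    "MyApp::Admin::Reports",
    "MyApp::Admin::Users",
    "MyApp::Administrivia",
    "MyApp::Public::News",
]


def dispatch_url(module, prefix="MyApp", base="/app"):
    """Map a module name to its URL using the convention in the message."""
    head, sep, rest = module.partition("::")
    if head != prefix or not rest:
        raise ValueError(f"{module} is not under {prefix}::")
    return base + "/" + "_".join(part.lower() for part in rest.split("::"))


def covered(pattern, url):
    """True if an unanchored regex search of the URL path hits the rule."""
    return re.search(pattern, url) is not None


def audit(modules, pattern, protected_ns="Admin"):
    """Return (admin URLs the rule misses, non-admin URLs the rule also catches)."""
    missing, extra = [], []
    for module in modules:
        url = dispatch_url(module)
        is_admin = module.split("::")[1] == protected_ns
        hit = covered(pattern, url)
        if is_admin and not hit:
            missing.append(url)
        elif hit and not is_admin:
            extra.append(url)
    return missing, extra


if __name__ == "__main__":
    for name, pattern in (("as posted", AS_POSTED), ("anchored", ANCHORED)):
        missing, extra = audit(MODULES, pattern)
        print(f"{name:10} missing={missing} extra={extra}")
```

The "missing" list is the one that matters for access control: it has to stay empty for every admin module before the Apache rule can be relied on.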

