|
Home > Archive > Web Servers on Unix and Linux > March 2004 > Apache - Authentication via DB
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Apache - Authentication via DB
|
|
| Xenofon Grigoriadis 2004-03-21, 7:35 pm |
| Hi there,
I can be considered as a newbie in web-programming. I have the
following task to accomplish:
Development of a web-based tool, using perl-cgi scripts for dynamic
content on html-pages.
The web-server will be an apache server (version: don't know at the
moment, but could give you the information if required).
There is an existing Oracle-DB with an integrated user-management
(table with users and passwords etc.). The web-tool to be developed is
meant to be a new GUI for the already existing application.
That should be enough as an intro to the problem.
So my question is: how can I use the user-information already stored
in the database for an apache based web-user-login? Is it possible
implement? I have found out the information about LDAP-based login. It
should not be much different to enable a kind of db-connection to
extract login information, or is it?
I would be thankful for a quick reply.
Best regards,
Grigoriadis
| |
| Nick Kew 2004-03-22, 4:35 am |
| In article <1672675a.0403211606.5c9abc9b@posting.google.com>,
xenofon.grigoriadis@planet-interkom.de (Xenofon Grigoriadis) writes:
> Development of a web-based tool, using perl-cgi scripts for dynamic
> content on html-pages.
>
> The web-server will be an apache server (version: don't know at the
> moment, but could give you the information if required).
>
> There is an existing Oracle-DB with an integrated user-management
> (table with users and passwords etc.). The web-tool to be developed is
> meant to be a new GUI for the already existing application.
If you have an Oracle backend, then PERL CGI is an inefficient way to
access it. You should aim to hold a pool of database connections open.
To do this with Perl, either hack mod_perl to support connection
pooling, or persuade someone else to do it.
> So my question is: how can I use the user-information already stored
> in the database for an apache based web-user-login? Is it possible
> implement?
Yes of course - c.f. mod_auth_mysql, mod_auth_pgsql, etc.
Go to http://mod-auth.sourceforge.net/ - this is *the* database-
authentication implementation that casts off the legacy of the
limitations of old versions of Apache and does it right.
That's for 2.1, but the important parts I've discussed work the
same with 2.0. With 1.x you can't really do it efficiently.
--
Nick Kew
| |
| Xenofon Grigoriadis 2004-03-23, 10:43 am |
| nick@hugin.webthing.com (Nick Kew) wrote in message news:<cvh2j1-pt2.ln1@webthing.com>...
> In article <1672675a.0403211606.5c9abc9b@posting.google.com>,
> xenofon.grigoriadis@planet-interkom.de (Xenofon Grigoriadis) writes:
>
> If you have an Oracle backend, then PERL CGI is an inefficient way to
> access it. You should aim to hold a pool of database connections open.
> To do this with Perl, either hack mod_perl to support connection
> pooling, or persuade someone else to do it.
Err... Being a newbie in WEB-programming, I fear I don't get you.
Could explain this further? Why do I need a pool of open
db-connections? If the user enters valid login-information, how can
"keep the login-result in mind" for the consecutive pages, which are
going to be called?
> Go to http://mod-auth.sourceforge.net/ - this is *the* database-
> authentication implementation that casts off the legacy of the
> limitations of old versions of Apache and does it right.
> That's for 2.1, but the important parts I've discussed work the
> same with 2.0. With 1.x you can't really do it efficiently.
Thanks a lot for the link. That was actually, what I was looking for.
Sad, that the project does not seem to be very active. Nobody answered
my question on the mailing list yet. So could you tell me, if you have
practical experience with this module, furthermore with the oracle
driver of the libdbi module?
Do you know any other links or lists or previous discussions, where
can find any informations about this module, as there is no
documentation on sourceforge...
Last but not least...
searching sourceforge for "mod-auth" I got a very interesting of
module-developments for apache. Check out "mod-auth-script". The
comment is "This Apache module makes it possible
authentication/authorization to be done by an external program. The
external program can be provided as a CGI, php or any other schemes
which allow dynamic content to Apache."
Sounds very interesting to me...
Thanks for the help
| |
| Owen Jacobson 2004-03-23, 12:42 pm |
| On Tue, 23 Mar 2004 07:38:42 -0800, Xenofon Grigoriadis wrote:
> nick@hugin.webthing.com (Nick Kew) wrote in message
> news:<cvh2j1-pt2.ln1@webthing.com>...
>
> Err... Being a newbie in WEB-programming, I fear I don't get you. Could
> explain this further? Why do I need a pool of open db-connections? If
> the user enters valid login-information, how can "keep the login-result
> in mind" for the consecutive pages, which are going to be called?
His point was, *if you are using an Oracle backend*, using a standalone
perl process such as a CGI script means that every single access to that
process will result in a new database connection, which is *slow* with
Oracle. Keeping a pool of open database connections through a persistant
module is a good way to work around that.
--
Some say the Wired doesn't have political borders like the real world,
but there are far too many nonsense-spouting anarchists or idiots who
think that pranks are a revolution.
| |
| Nick Kew 2004-03-24, 5:37 am |
| In article <1672675a.0403230738.242533da@posting.google.com>,
xenofon.grigoriadis@planet-interkom.de (Xenofon Grigoriadis) writes:
> (chop part Owen already answered)
> Thanks a lot for the link. That was actually, what I was looking for.
> Sad, that the project does not seem to be very active. Nobody answered
> my question on the mailing list yet.
Hmmm, maybe I should sign up for that. It is active - but looking at
the date of your posting, you didn't give it very long to get a reply.
> So could you tell me, if you have
> practical experience with this module, furthermore with the oracle
> driver of the libdbi module?
I don't. I know it sort-of generally through the developer community
(and the mod-auth connection pooling is based on my work).
> Last but not least...
>
> searching sourceforge for "mod-auth" I got a very interesting of
> module-developments for apache. Check out "mod-auth-script". The
> comment is "This Apache module makes it possible
> authentication/authorization to be done by an external program. The
> external program can be provided as a CGI, php or any other schemes
> which allow dynamic content to Apache."
Hmmm, sourceforge seems to be unreachable as I write. But that
sounds a lot like a presentation I vaguely recollect from
ApacheCon back in November, whose purpose was a poor-mans-auth for
users whose ISPs wouldn't even permit use of .htaccess. If so,
to use it with Oracle would be like driving a jumbo jet to get
to your local shops.
--
Nick Kew
|
|
|
|
|