|
Home > Archive > Apache Server configuration support > December 2007 > Apache-based authen/authz vs. alternatives
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Apache-based authen/authz vs. alternatives
|
|
| Iftekhar 2007-12-06, 1:42 am |
| Hi all,
I'm currently working on an old system at a company that uses apache-
perl, and their authentication system runs off the apache
PerlAuthenHandler and PerlAuthzHandler directives in their VirtualHost
configuration.
In a previous company, we separated the authentication and
authorization from the apache configuration, which meant authen/authz
ran as cgi scripts that were called on page loads. My question is, is
either an obviously superior choice?
- Ifty.
| |
| lihao0129@gmail.com 2007-12-07, 7:26 pm |
| On Dec 5, 9:48 pm, Iftekhar <iftekharul.ha...@gmail.com> wrote:
> Hi all,
>
> I'm currently working on an old system at a company that uses apache-
> perl, and their authentication system runs off the apache
> PerlAuthenHandler and PerlAuthzHandler directives in their VirtualHost
> configuration.
Check out how Apache goes through a request with different phases,
http://modperlbook.org/html/1-4-Apa...ing-Phases.html
For performace, using PerlAuthenHandler, PerlAuthzHandler to setup
authen/authz before the response (or content generation) phase is much
better than using CGI scripts(in response phase).
doing authen/authz in cgi-script might be more flexibilities though..
Regards,
XC
> In a previous company, we separated the authentication and
> authorization from the apache configuration, which meant authen/authz
> ran as cgi scripts that were called on page loads. My question is, is
> either an obviously superior choice?
>
> - Ifty.
|
|
|
|
|