I can at least point you toward the modules I would use for this process.
>At 12:01 09.07.2001 +0200, you wrote:
>Dear subscribers,
>
>I am working out an idea for a (set of) perl scripts that would provide
>the following:
>
>* A login form asking for a unique username/password combination;
CGI.pm handles all your form input/output needs, and covers basically
everything that has to do with Perl/HTML interaction. And, it's included
with Perl, so you know you've already got it :)
>* Validating the user input (using a stored user database) and redirecting
>the user accordingly;
DBI.pm handles perl/database communication. It gives you a common syntax
for many different kinds of database interfaces, so you don't have to
change your code if you switch from using Oracle and start using SQL, for
example. Find it at www.cpan.org
>* Maintaining the state, i.e. remembering the validated user until he logs
>out or ends the session.
I would suggest using cookies for this bit. I know that cookies can be
handled by Perl, and there's probably a module for it, but I like using
JavaScript -- to each his own :)
>Should I even do this using perl and cgi or am I better off trying to
>accomplish this at server level (using whatever facilities the web server
>provides for this kind of task)? What are the advantages of each approach,
>if both are feasible?
Here you hit the crux of the matter. If you can talk to the administrator
of your server, you'll probably find that this exact feat can easily be
accomplished by the addition of a .htaccess document (or the equivalent) --
but, if you want to learn by doing (a noble goal) then you defeat your
purpose. The decision probably depends on how important this project is,
when it needs to get done, and how much spare time you have.
>If this could be done using perl and cgi, what security issues should I
>consider? The data transmitted need not be encrypted, but it should not be
>possible to login by (wild guess) recycling a session cookie.
That can easily be handled by setting a unique cookie each time someone
logs on, and storing it in your db as a "used cookie" when the user logs
off. Use big strings for your cookie value so that you can go for a long
time before you run out of cookies (or use a timestamp?).
Aaron Craig
Programming
iSoftitler.com
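
The per-login cookie value and its invalidation at logout, discussed in the last reply above, as an added example that is not part of the original message. It assumes DBI with the DBD::SQLite driver, a system with /dev/urandom, and a hypothetical `sessions` table and helper names; it goes slightly beyond the suggestion by also expiring values and storing only their hash.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use Digest::SHA qw(sha256_hex);

# In-memory SQLite stands in for the real user/session database (assumption).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, '
       . 'username TEXT NOT NULL, expires INTEGER NOT NULL, '
       . 'revoked INTEGER NOT NULL DEFAULT 0)');

# Login: issue a fresh 256-bit random value for every logon.
sub new_session {
    my ($user, $ttl) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $raw, 32) == 32 or die 'short read from urandom';
    close $fh;
    my $token = unpack 'H*', $raw;
    # Only the hash is stored, so a leaked table does not yield usable cookies.
    $dbh->do('INSERT INTO sessions (token_hash, username, expires) VALUES (?, ?, ?)',
             undef, sha256_hex($token), $user, time + $ttl);
    return $token;    # this is the value to send as the cookie
}

# Every request: the cookie counts only if known, unexpired and not revoked.
sub session_user {
    my ($token) = @_;
    return unless defined $token && $token =~ /\A[0-9a-f]{64}\z/;
    my ($user) = $dbh->selectrow_array(
        'SELECT username FROM sessions '
      . 'WHERE token_hash = ? AND revoked = 0 AND expires > ?',
        undef, sha256_hex($token), time);
    return $user;
}

# Logout: mark the value as used; it is never accepted again.
sub end_session {
    my ($token) = @_;
    $dbh->do('UPDATE sessions SET revoked = 1 WHERE token_hash = ?',
             undef, sha256_hex($token));
    return;
}

my $cookie = new_session('alice', 1800);    # constructed sample user, 30 min
print 'after login:   ', session_user($cookie) // 'rejected', "\n";
end_session($cookie);
print 'after logout:  ', session_user($cookie) // 'rejected', "\n";
print 'guessed value: ', session_user('0' x 64) // 'rejected', "\n";
```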