On Fri, 3 Sep 2004, michael watson (IAH-C) wrote:

I need to make this secure such that only users I want can use the system. I want to set up a username and password so that users can log in once at the beginning of a session, carry out their work filling in various forms and writing to the database, and then log-out at the end.

What is the best way to do this? I've thought about creating a MySQL user/password for each person who needs to enter data, but I don't want them to have to enter their username and password on every form. I guess what I need is some sort of persistent DBI connection that is present over multiple runs of various CGI scripts (until the person logs off or the browser is closed...)

I am running Suse Linux 8.2, MySQL 4, Apache 1.3.28 and perl 5.8.0

Think about what your requirements are here; you seem to have a grab bag of good ideas that are all mixed up together.
* System authentication

You're asking for a way to avoid making people fill out their username & password with each form. A proper authentication system won't allow this situation. The two basic ways you can do authentication are at the server level, with Apache-enforced HTTP authentication (this is the version where the, and at the application level, with code in your CGI scripts that manages user account details.

I personally think Apache-level authentication is easier -- if you just add the right directives to your httpd.conf, it's magically turned on for you. For whatever reason though, this isn't often done these days -- it's more popular to reinvent this particular wheel over and over again.

If you go for the more popular application level logins, the general approach will mean storing the user's account name in a cookie, and then checking this cookie with each request. As long as the cookie has the right information, they won't have to log in with each page -- it will, in effect, do that automatically in the background.

* Database users:

I suspect it's not so important to control whose user account is writing to the database, as much as it is to know who wrote what data in the database. Make sense? With that in mind, you could do either or both of [a] add fields to the tables that note who last touched each row, or (probably better) [b] maintain a log of what changes are being made and by whom -- this log could even be as simple as a datestamp, the user name, and the SQL statement.

This should make maintenance of the database easier, as you don't have to maintain separate MySQL accounts for each user along with the other accounts they are going to need.

* DBI connection persistence:

It makes sense to maintain a connection to the database, but not so much because of user access control considerations, but just for performance: being able to avoid building up & tearing down a DB connection with every page view gets very expensive. The best way to get around this is probably to use mod_perl instead of regular CGI scripts, and then turn on Apache::DBI for database connection pooling. This can help a lot.

Does this help? More questions?

--
Chris Devers      [EMAIL PROTECTED]
http://devers.homeip.net:8080/blog/

np: 'Mr. Loh's Not Afraid to Be Naked'
     by Sandra Tsing Loh
     from 'This American Life: Lies, Sissies, and Fiascoes'

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
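The application-level login and the change log described above, as an added example (not code from this thread or from either poster): the cookie carries the user name but is signed with an HMAC and an expiry, so it can be checked on every request without a fresh login and cannot simply be edited to another account; each database change is recorded with datestamp, user and SQL statement in the same transaction. The table name `audit_log`, the `$SECRET` value and the login URL are assumptions; `Digest::SHA` (core from Perl 5.10) and a DBI handle obtained elsewhere are assumed available.

```perl
# Added example, not from the thread. Assumes: table audit_log(stamp, user_name,
# statement) exists; $SECRET is a long random value kept outside the web root;
# Digest::SHA is installed; $dbh is a DBI handle connected elsewhere.
use strict;
use warnings;
use CGI;
use Digest::SHA qw(hmac_sha256_hex);
my $SECRET = 'change-me-long-random-secret';   # assumed placeholder

# Cookie value is "user|expiry|mac". The MAC covers user and expiry, so a
# client that edits the user name gets an invalid cookie, not another login.
sub make_session {
    my ($user, $ttl_seconds) = @_;
    my $payload = join '|', $user, time + $ttl_seconds;
    return join '|', $payload, hmac_sha256_hex($payload, $SECRET);
}

# Compare MACs without leaking the position of the first mismatch.
sub same_mac {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the user name if the cookie is intact and unexpired, else undef.
sub check_session {
    my ($cookie) = @_;
    my ($user, $expires, $mac) = split /\|/, ($cookie || ''), 3;
    return undef unless defined $mac && $expires =~ /^\d+\z/;
    return undef unless same_mac($mac, hmac_sha256_hex("$user|$expires", $SECRET));
    return time > $expires ? undef : $user;
}

# Apply one change and log who made it (datestamp, user, statement) in the
# same transaction, so the log cannot drift from the data it describes.
sub audited_do {
    my ($dbh, $user, $sql, @bind) = @_;
    $dbh->begin_work;
    my $rows = $dbh->do($sql, undef, @bind);
    $dbh->do('INSERT INTO audit_log (stamp, user_name, statement) VALUES (NOW(), ?, ?)',
             undef, $user, $sql);
    $dbh->commit;
    return $rows;
}

my $q    = CGI->new;
my $user = check_session($q->cookie('session'));
unless ($user) { print $q->redirect('/login.cgi'); exit }   # not logged in
```

The login script sets the cookie with `make_session($user, 8 * 3600)` after checking the password; every other script runs the check at the top as shown and passes `$user` to `audited_do` for each write.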