> Hi all, Howdy
> > I'm having a hard time finding how an http authentication > works and how it could be used with a file containing the > logins and pass I want the user's entry to be compared to. > Actual authentication Is done via the webserver say apache with htaccess Your way is sort of a suedo authentiction that imitates what apache is doing. > So in more details the present situation is: > - I have a file containing the logins and pass from some users > - I have a perl CGI script looking if there is a certain cookie > - if the cookie is there I can display the web page > - if the cookie is not there I pop up a 401 and ask the > user for login and pass > > And I want to get those login and pass the user enters and > check them with the contents of my file. I read somewhere If you're doing suedo authentication then you can do whatever you want with what they enter into a form. > there was no way to get the password, but I am able to get it > using php (with the $HTTP_AUTH_PASSW var). So I'm confused... That depends on the webserver. If it's apache then you can get the user name but I don't think you can get the password by default. PHP has it perhaps but that's a huge security hole. I don't think it gets it from apache per se, Probably php has it if it is handling authentication as an apache module, even so it's really insecure to just put it in a variable for the world to see. If you really want to do that though you probably could do it via mod_perl for apache and have it handling authentication for you. Or use your suedo auth and you'll have everything at your finger tips. You'd have to ask the mod_perl folks about the specifics of that one. The suedo auth method is a lot of extra work. > > Is there any nice location where I can learn more about this > or a general solution (I would be pleased not to use a > separate form to get the user's login and pass but I think I > will do that while not finding a solution). http://apache.org http://perl.apache.org/ HTH DMuey > > Thanks all, > > Yannick -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
