On 03/12/2013 01:07 PM, Alexander Hartmaier wrote: > Having the webserver do the authentication means you are depending on it > to support the type of authentication you want to use. > I'd prefer having the authentication in the app with the exact same code > for production and testing over ::Remote.
Everything has its pros and cons. If you do all your authentication in your app, you depend on existing modules for the desired authentication method, or you have to write your own authentication code. I prefer using stable and tested mechanisms over writing my own code (if possible). And if a tool lacks some features which I need, I just use something else (again, if possible). I guess 90% of all webservers support most common authentication methods. Until now, I used DBIC based authentication within my app, and ::Remote for everything else. But until now "everything else" is just one project which requires digest, certificates and kerberos authentication. I guess there is no "better" in this case. Its a matter of personal preferences and use case. Concerning the differing code for testing and production: I agree. This truly is a disadvantage when using ::Remote cheers, Lukas _______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
