home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

Writing Apache Modules with Perl and C
By:   Lincoln Stein and Doug MacEachern
Published:   O'Reilly & Associates, Inc.  - March 1999

Copyright 1999 by O'Reilly & Associates, Inc.


   Show Contents   Previous Page   Next Page

Chapter 6 - Authentication and Authorization

In this section...

Access Control, Authentication, and Authorization
Access Control with mod_perl
Authentication Handlers
Authorization Handlers
Cookie-Based Access Control
Authentication with the Secure Sockets Layer


   Show Contents   Go to Top   Previous Page   Next Page

In this Chapter

In previous chapters we've seen how to create dynamic pages, interact with the remote user, and maintain state across sessions. We haven't worried much about issues of user authorization: the web server and all its modules were assumed to be accessible by all.

In the real world, access to the web server is not always unrestricted. The module you're working on may provide access to a database of proprietary information, may tunnel through a firewall system, or may control a hardware device that can be damaged if used improperly. Under circumstances like these you'll need to take care that the module can be run only by authorized users.

In this chapter, we step back to an earlier phase of the HTTP transaction, one in which Apache attempts to determine the identity of the person at the other end of the connection and whether he or she is authorized to access the resource. Apache's APIs for authentication and authorization are straightforward yet powerful. You can implement simple password-based checking in just a few lines of code. With somewhat more effort, you can implement more sophisticated authentication systems, such as ones based on hardware tokens.

   Show Contents   Go to Top   Previous Page   Next Page
Copyright 1999 by O'Reilly & Associates, Inc.