Re: [htmltmpl] securing an H::T site with username/password w/session mgt1
From: Puneet K. <pk...@ei...> - 2003-09-03 18:52:20
Karen J. Cravens wrote:
> On Wed, 3 Sep 2003, Puneet Kishor wrote:
>
> PK>I know this is asking for a basic course in creating a password
> PK>protected website -- if someone could provide a link to such an article
> PK>(esp. if it deals with H::T-specific issues, if any -- for example,
> PK>.tmpl files are not cgi scripts, so how could they be protected, etc.)
> PK>that would be great.
>
> Most of this doesn't even need to be done at the script level, much less
> H::T... just use the .htaccess file to secure the directory (or
> directories) at the server level. Scripts can retrieve the (already
> verified) username from the environment variables if they need to look
> things up in a database.
>

Thanks Karen. The problems with .htaccess are --

1. A separate file/db to store the username/password info. I want to store all user-related info (username, password, and a boatload of personalization info such as favorite color and firstname, etc.) in the same database table that I can safely back up or move to another server, etc.

2. As I understand, using AuthType Basic with .htaccess allows you to login but not logout (that's what I gathered from Apache docs, although I might be confused over this).

> The only thing that's lacking is session-orientedness.
>

3. Oh yes... that is important. What I need is a way to run a specific security.pl (kinda script) on every request to the webserver... .htaccess seems to be a logical place to call something like that from. Is it? How? What are the alternatives?

On another note -- what is the preferred session module for H::T users? Apache::Session or CGI::Session or something else?