Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight

Re: Limiting access to a local web application

by blahblahblah (Priest)
on Aug 03, 2008 at 23:42 UTC ( #701947=note: print w/replies, xml ) Need Help??

in reply to Limiting access to a local web application

What OS, browser, and web server are you dealing with? (Or do you have to support more than one combo of those?)

There might be some server-specific or browser-specific solution. For example, I think that for IIS if you disable anonymous access and enable integrated authentication, then IE will just send the user's credentials along, without ever prompting for a username/password. I think there's also a mod_auth_something for apache that can be configured to work the same way, checking Active Directory for its data.

You might be able to find a simpler solution based on the fact that the server and client are the same machine. For example, if you are running all of this on a single-user desktop windows machine, your cgi app could (I think) find out the currently logged in user through WMI. You're probably better off going with a more standard method though. Writing a home-grown authentication method is just asking for trouble. Even if nobody cares to hack into your app, they might still exploit a bug or oversight in your scheme to gain access to other parts of the system. When your users whine about having to type in a simple id & password (just once if you use cookies), tell them it's for their own data security. They should get over it quickly.

  • Comment on Re: Limiting access to a local web application

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://701947]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (5)
As of 2021-02-27 16:35 GMT
Find Nodes?
    Voting Booth?

    No recent polls found