Beefy Boxes and Bandwidth Generously Provided by pair Networks
Come for the quick hacks, stay for the epiphanies.
 
PerlMonks  

Re: Limiting access to a local web application

by blahblahblah (Priest)
on Aug 03, 2008 at 23:42 UTC ( [id://701947]=note: print w/replies, xml ) Need Help??


in reply to Limiting access to a local web application

What OS, browser, and web server are you dealing with? (Or do you have to support more than one combo of those?)

There might be some server-specific or browser-specific solution. For example, I think that for IIS if you disable anonymous access and enable integrated authentication, then IE will just send the user's credentials along, without ever prompting for a username/password. I think there's also a mod_auth_something for apache that can be configured to work the same way, checking Active Directory for its data.

You might be able to find a simpler solution based on the fact that the server and client are the same machine. For example, if you are running all of this on a single-user desktop windows machine, your cgi app could (I think) find out the currently logged in user through WMI. You're probably better off going with a more standard method though. Writing a home-grown authentication method is just asking for trouble. Even if nobody cares to hack into your app, they might still exploit a bug or oversight in your scheme to gain access to other parts of the system. When your users whine about having to type in a simple id & password (just once if you use cookies), tell them it's for their own data security. They should get over it quickly.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://701947]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others taking refuge in the Monastery: (4)
As of 2024-03-29 10:10 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found