
[MacPerl] CGIs and authentication




I'm prototyping an access-restriction CGI in my favorite
scripting language -- that is, MacPerl -- and I'm having
trouble getting a hold of the password passed by the
HTTP client.

What seems most likely is that there isn't an environment
variable set up (e.g., 'REMOTE_PASSWORD'), possibly for
security reasons??? ...but the HTTP_AUTHORIZATION variable
has what looks like some sort of encrypted string that
may be just what I need.

Below are two lines spewed out by the 'demo.cgi' that
is a part of the MPCGI distribution (note that they only
appear if the user has entered some id/pwd combination
during the current browser session):
REMOTE_USER          SNARF
HTTP_AUTHORIZATION   Basic em9tYm11OnNub3Q=

The questions are:
1. Is that really SNARF's password?
2. If so, how do I encrypt a known password in order to match it to
   what's in HTTP_AUTHORIZATION?
3. If MacCrypt.pl is the answer to #2, what is the "salt" value I need?

In case anyone is interested, the code I'm playing with appears
below. It sort of mimics a WebSTAR realm, in that output can be
delivered conditionally based on a user name (and, depending on the
answers to the questions above, a password).

--
matt.


#!perl

# REMOTE_USER is empty until the client has sent credentials
$remote_user = $ENV{'REMOTE_USER'} || '';

# exact comparison, so a name that merely contains ZOMBIE is not accepted
if ($remote_user eq 'ZOMBIE')
    {
    print "HTTP/1.0 200 OK\n";
    print "Content-type: text/html\n\n";

    # user name is recognized;
    # simple test could be replaced with database lookup
    }
else
    {
    print "HTTP/1.0 401 Unauthorized\n";
    print "MIME-Version: 1.0\n";
    print "Server: WebSTAR/1.2.4\n";
    print "Content-type: text/html\n\n";
    print "<HTML><HEAD><TITLE>Unauthorized man</TITLE></HEAD>\n";
    print "<BODY>You are not permitted access to this document.\n";
    print "</BODY></HTML>\n";
    }

1;
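
Added example, not part of the original post: under the HTTP Basic scheme the HTTP_AUTHORIZATION value is the base64 encoding of `user:password`, not an encrypted string, so a CGI decodes it and compares the result instead of encrypting a known password with a salt. The sketch assumes the MIME::Base64 module is installed; the `%known` table, the `demo` account and the helper names are constructed for illustration.

```perl
#!perl
use strict;
use MIME::Base64 qw(decode_base64 encode_base64);

# Parse an HTTP Basic Authorization value into (user, password).
# Returns an empty list when the value is not well-formed Basic credentials.
sub parse_basic_auth {
    my ($header) = @_;
    return () unless defined $header;
    # The scheme name is case-insensitive; the payload must be base64 text.
    return () unless $header =~ m{^\s*Basic\s+([A-Za-z0-9+/]+={0,2})\s*$}i;
    my $decoded = decode_base64($1);
    # Split on the FIRST colon only: the password itself may contain colons.
    my ($user, $pass) = split /:/, $decoded, 2;
    return () unless defined $pass;
    return ($user, $pass);
}

# Compare two strings without stopping at the first differing character.
sub same_string {
    my ($x, $y) = @_;
    my $diff = length($x) ^ length($y);
    my $n = length($x) < length($y) ? length($x) : length($y);
    for my $i (0 .. $n - 1) {
        $diff |= ord(substr($x, $i, 1)) ^ ord(substr($y, $i, 1));
    }
    return $diff == 0;
}

# Constructed sample account and header (assumptions, not values from the post).
my %known  = (demo => 'pass:word');
my $sample = 'Basic ' . encode_base64('demo:pass:word', '');

# Use the server-supplied value when running as a CGI, else the sample.
my $header = defined $ENV{'HTTP_AUTHORIZATION'}
    ? $ENV{'HTTP_AUTHORIZATION'} : $sample;

my ($user, $pass) = parse_basic_auth($header);
if (defined $user && exists $known{$user}
    && same_string($pass, $known{$user})) {
    print "accepted: $user\n";
} else {
    print "rejected\n";
}
```

Because the value is only encoded, anyone who can read the request can recover the password, so Basic authentication depends on a protected transport.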