[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

[MacPerl] More on User Authentication



I have a serious problem and need some further assistance (and I apologise
for having to write at length).

Consider this standard code fragment in a diagnostic CGI that I've written
and placed in a secure WebSTAR realm:

foreach $k (keys %ENV) {
    print "<b>$k:</b> $ENV{$k}<BR>\n";
}

When I run the code under macPerl 4.18 and the 6th Feb1996 CGI glue, I get
this output:

+-----------------------------------------------+
|    HTTP_HOST: www.synapse.net.mt              |
|    .                                          |
|    .  (some lines deleted)                    |
|    .                                          |
|    REMOTE_USER: GAUDEN                        |
|    HTTP_CONNECTION: Keep-Alive                |
|    HTTP_AUTHORIZATION: Basic YW5uOmFub24=     |
+-----------------------------------------------+

When I run the same code under MacPerl 5.07 using the same CGI glue, I get
nothing on my Workgroup Server 7250/120. But when I modify the program to
return each of the parameters calling them by name, like this:

print "REMOTE_USER: $ENV{'REMOTE_USER'}<BR>\n";

I get the line, as expected:

REMOTE_USER: ANN

I feel certain that this must be a bug with 5.07 since the code works as
expected with 4.18

But the kludge of calling for the REMOTE_USER parameter directly solves
part of my problem with regard to user authentication. The logic goes like
this: if the script is in a secure realm and the user has been granted
access by the server, then the user must have supplied the correct password
and I can work on the username, which will be unique. I would feel much
safer though if I could access the password as well. I don't think I can
expect MacPerl to supply it as it doesn't seem to be part of the CGI 1.1
standard.

On the other hand, it is one of the parameters passed by WebSTAR to CGI
applications:

Çevent WWW½sdocÈ  Çclass userÈ:username Çclass passÈ:password

Is it possible for someone to pass on a code fragment that captures these
two parameters from the AppleEvent and makes them available to my MacPerl
cgi applications?

I am desperate for a solution to this as I have invested a lot of time in
developing a whole suite of MacPerl CGI's and our launch date is Friday...
It's too late to switch languages; not that I'd ever want to of course  :-)

Thanks,

Gauden Galea