O'Reilly logo

Practical Internet Groupware by Jon Udell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

An Authenticating Script for Apache

We’ll start by observing that web servers aren’t the only things that can issue Authorization: headers. Scripts can do that too. Example 12.1 is a simple Perl script that challenges for a name and password, just as an authenticating web server does.

Example 12-1. Scripting the Name/Password Challenge

use MIME::Base64;

if ( ! defined $ENV{HTTP_AUTHORIZATION} )    # if no Authorization: header
  {     
  print "HTTP/1.0 401 Authentication\n";     # issue authorization challenge
  print "WWW-Authenticate: Basic realm=\"subscribers\"\n\n";
  return;
  }

print "HTTP/1.0 200 Ok\n";                   # needed for ISAPI Perl or mod_perl
print "Content-type: text/html\n\n";         # the standard header
$ENV{HTTP_AUTHORIZATION} =~ m/Basic (.+)/i;  # get MIME-encoded credentials
print "Hello " . decode_base64($1);          # print "Hello Aladdin:open sesame"

We’ve introduced another CPAN module here. MIME::Base64 converts back and forth between plain text and the Base64 encoding used by the HTTP basic authentication protocol. If you put this code in a file called auth.pl, put that file into the /cgi-bin directory of an Apache web server, and ask your browser to fetch /cgi-bin/auth.pl, you’ll provoke an authentication dialog. Type in the credentials Aladdin and open sesame and you’ll get the reponse Hello Aladdin:open sesame.

If that doesn’t work, define the symbol SECURITY_HOLE_PASS_AUTHORIZATION and rebuild Apache. What? Open a security hole? Well, here’s what the Apache source code says about allowing scripts ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required