Skip to Main Content
Practical Internet Groupware
book

Practical Internet Groupware

by Jon Udell
October 1999
Beginner content levelBeginner
521 pages
15h 28m
English
O'Reilly Media, Inc.
Content preview from Practical Internet Groupware

An Authenticating Script for Apache

We’ll start by observing that web servers aren’t the only things that can issue Authorization: headers. Scripts can do that too. Example 12.1 is a simple Perl script that challenges for a name and password, just as an authenticating web server does.

Example 12-1. Scripting the Name/Password Challenge

use MIME::Base64;

if ( ! defined $ENV{HTTP_AUTHORIZATION} )    # if no Authorization: header
  {     
  print "HTTP/1.0 401 Authentication\n";     # issue authorization challenge
  print "WWW-Authenticate: Basic realm=\"subscribers\"\n\n";
  return;
  }

print "HTTP/1.0 200 Ok\n";                   # needed for ISAPI Perl or mod_perl
print "Content-type: text/html\n\n";         # the standard header
$ENV{HTTP_AUTHORIZATION} =~ m/Basic (.+)/i;  # get MIME-encoded credentials
print "Hello " . decode_base64($1);          # print "Hello Aladdin:open sesame"

We’ve introduced another CPAN module here. MIME::Base64 converts back and forth between plain text and the Base64 encoding used by the HTTP basic authentication protocol. If you put this code in a file called auth.pl, put that file into the /cgi-bin directory of an Apache web server, and ask your browser to fetch /cgi-bin/auth.pl, you’ll provoke an authentication dialog. Type in the credentials Aladdin and open sesame and you’ll get the reponse Hello Aladdin:open sesame.

If that doesn’t work, define the symbol SECURITY_HOLE_PASS_AUTHORIZATION and rebuild Apache. What? Open a security hole? Well, here’s what the Apache source code says about allowing scripts ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Web Operations

Web Operations

John Allspaw, Jesse Robbins

Publisher Resources

ISBN: 1565925378Catalog PageErrata