911Re: Security implemention question
- Jan 3, 2003On Friday, Jan 3, 2003, at 04:59 US/Eastern, richard@...
> I have already implemented page level security to restrict each levelIf you don't mind using you mod_perl instances to serve files (your
> user to
> the pages for which they are authorised. My problem is that for user
> level 2
> to be able to download these files, they must be placed somewhere
> within the
> webroot. I want to prevent user level 1 from downloading these files
> as they
> are only intended for downloading by users of level 2.
> [ ... snip ... ]
> I am using Apache::ASP (latest), mod_perl 1.99, Apache2 (latest), perl
> Thanks for any advice / feedback
site is low traffic and this won't hurt you). Then write a mod_perl
PerlAccessHandler to deny people access. Implement all of your login
system in a PerlAuthenHandler. Then just have simple login page.
There are some good example of this in the mod_perl cookbook.
The big advantage of this is that you never really need to "know" how
to auth someone to write another web page for your site. It is
provided for you by your Authen handler before you page is ever loaded.
Also, your Authen handler can do slick things like put an instance of a
"User" object in the Apache request notes. and the "new" method for
your User object can look there first... This allows you to blindly
my $user = User->new();
at the top of any ASP page and have full access to that user's object.
And you _know_ it will be populated with valid data because they passed
through your Authen/Access handlers and it was actually built in there
-- of course, it does hurt to check ;-)
OmniTI Computer Consulting, Inc. -- http://www.omniti.com/
Phone: +1 410 872 4910 x201 Fax: +1 410 872 4911
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7
To unsubscribe, e-mail: asp-unsubscribe@...
For additional commands, e-mail: asp-help@...
- << Previous post in topic Next post in topic >>