Apache-DBILogin
1 match

 view release on metacpan or  search on metacpan

DBILogin.pm  view on Meta::CPAN 

     my ($r, $dbh, $group) = @_;
 
     my $sth;
     eval {
         # no, Oracle doesn't support binding in SET ROLE statement
         $sth = $dbh->prepare("SET ROLE $group") or die $DBI::errstr;
     };
     return ( MP2 ? Apache2::Const::HTTP_INTERNAL_SERVER_ERROR
                  : Apache::Constants::HTTP_INTERNAL_SERVER_ERROR ) if ( $@ );
        
     return ( defined $sth->execute() ) ? (MP2 ? Apache2::Const::OK
                                               : Apache::Constants::OK)
                                        : (MP2 ? Apache2::Const::HTTP_FORBIDDEN
                                               : Apache::Constants::HTTP_FORBIDDEN);
 }

=head1 DESCRIPTION

Apache::DBILogin allows authentication and authorization against a
multi-user database.

It is intended to facilitate web-based transactions against a database server
as a particular database user. If you wish authenticate against a passwd
table instead, please see Edmund Mergl's Apache::AuthDBI module.

Group authorization is handled by your Apache::DBILogin::is_member()
function which you must define if you enable the authz handler.

The above example uses Oracle roles to assign group membership. A role is a
set of database privileges which can be assigned to users. Unfortunately,
roles are vendor specific. Under Oracle you can test membership with
"SET ROLE role_name" statement. You could also query the data dictionary,
DBA_ROLE_PRIVS, but under Oracle that requires explicit privilege.
Documentation patches for other databases are welcome.

=head1 ENVIRONMENT

Applications may access the clear text password as well as the data_source
via the environment variables B<HTTP_MODPERL_DBILOGIN_PASSWORD> and
B<HTTP_MODPERL_DBILOGIN_DATA_SOURCE>.

 #!/usr/bin/perl -wT
 
 use strict;
 use CGI;
 use DBI;
 my $name = $ENV{REMOTE_USER};
 my $password = $ENV{HTTP_MODPERL_DBILOGIN_PASSWORD};
 my $data_source = $ENV{HTTP_MODPERL_DBILOGIN_DATA_SOURCE};
 my $dbh = DBI->connect($data_source, $name, $password)
 	or die "$DBI::err: $DBI::errstr\n";
 ...

=head1 SECURITY

The database user's clear text passwd is made available in the
server's environment. Do you trust your developers?

=head1 BUGS

Probably lots, I'm not the best programmer in the world.

=head1 NOTES

Feel free to email me with comments, suggestions, flames. Its the
only way I'll become a better programmer.

=head1 SEE ALSO

mod_perl(1), Apache::DBI(3), and Apache::AuthDBI(3)

=head1 AUTHOR

John Groenveld E<lt>groenveld@acm.orgE<gt>

=cut



( run in 1.422 second using v1.01-cache-2.11-cpan-97f6503c9c8 )