• Your recent searches
Apache-AuthCookieDBI
1 match

 view release on metacpan or  search on metacpan

AuthCookieDBI.pm  view on Meta::CPAN 

If a ticket has expired or is otherwise invalid it is cleared in the browser
and the login form is shown again.

=cut

#===============================================================================
# P R I V A T E   F U N C T I O N S
#===============================================================================

#-------------------------------------------------------------------------------
# _log_not_set -- Log that a particular authentication variable was not set.

sub _log_not_set {
    my ( $r, $variable ) = @_;
    my $auth_name = $r->auth_name;
    return $r->log_error(
        "Apache::AuthCookieDBI: $variable not set for auth realm
$auth_name", $r->uri
    );
}

#-------------------------------------------------------------------------------
# _dir_config_var -- Get a particular authentication variable.

AuthCookieDBI.pm  view on Meta::CPAN 

=over 4

=item C<WhatEverDBI_DSN>

Specifies the DSN for DBI for the database you wish to connect to retrieve
user information.  This is required and has no default value.

=cut

    unless ( $c{DBI_DSN} = _dir_config_var $r, 'DBI_DSN' ) {
        _log_not_set $r, 'DBI_DSN';
        return;
    }

=item C<WhateverDBI_SecretKey>

Specifies the secret key for this auth scheme.  This should be a long
random string.  This should be secret; either make the httpd.conf file
only readable by root, or put the PerlSetVar in a file only readable by
root and include it.

This is required and has no default value
=cut

    unless ( $c{DBI_SecretKey} = _dir_config_var $r, 'DBI_SecretKey'
        or _dir_config_var $r, 'DBI_SecretKeyFile' )
    {
        _log_not_set $r, 'DBI_SecretKey or DBI_SecretKeyFile';
        return;
    }

=item C<WhatEverDBI_User>

The user to log into the database as.  This is not required and
defaults to undef.

=cut

AuthCookieDBI.pm  view on Meta::CPAN 

is so you can have it owned and only readable by root even though Apache
then changes to another user.

I suggest using DBI_SecretKey instead.

=cut

    unless ( $c{DBI_secretkeyfile} = _dir_config_var $r, 'DBI_SecretKeyFile'
        or _dir_config_var $r, 'DBI_SecretKey' )
    {
        _log_not_set $r, 'DBI_SecretKeyFile or DBI_SecretKey';
        return;
    }

=item C<WhatEverDBI_EncryptionType>

What kind of encryption to use to prevent the user from looking at the fields
in the ticket we give them.  This is almost completely useless, so don't
switch it on unless you really know you need it.  It does not provide any
protection of the password in transport; use SSL for that.  It can be 'none',
'des', 'idea', 'blowfish', or 'blowfish_pp'.



( run in 0.241 second using v1.01-cache-2.11-cpan-0a987023a57 )