How to improve authentication in a Perl Dancer app

I am working on a Perl Dancer web application that needs to accomplish two things in terms of authentication:

  1. authenticate users based on Active Directory for access to the application
  2. authenticate as the user to access a couple of .NET web services.

The application is being hosted as a CGI application by Apache on a Linux box, and I do not have much control over Apache's configuration.

Below is the workflow of the currently working application:

  1. Display a login page to the user
  2. When the user submits the form, use Authen::Simple::ActiveDirectory (http://search.cpan.org/~chansen/Authen-Simple-LDAP-0.3/lib/Authen/Simple/ActiveDirectory.pm) to verify the account is valid
  3. Store the user's credentials using Dancer::Session::Cookie (http://search.cpan.org/~dagolden/Dancer-Session-Cookie-0.18/lib/Dancer/Session/Cookie.pm) (encrypted cookies)
  4. Display a search form to the user
  5. When the user submits this form, use Authen::NTLM (http://search.cpan.org/~markbush/NTLM-1.02/NTLM.pm) and SOAP::Lite (http://search.cpan.org/~mkutter/SOAP-Lite-0.715/lib/SOAP/Lite.pm) to access the .NET services (similar to the example at http://lifo101.wordpress.com/2012/05/08/sharepoint-and-ntlmv2-with-soaplite/) to perform a search
  6. Display the results to the user

The handling of user credentials here concerns me, but I am generally new to web applications and authentication. For a small internal application, is this okay? If not, how do you suggest I improve this process? Like I said, the application as outlined above works, but I feel like it could/should be improved.
 
