Apache-based authen/authz vs. alternatives

Hi all,

I'm currently working on an old system at a company that uses apache-
perl, and their authentication system runs off the apache
PerlAuthenHandler and PerlAuthzHandler directives in their VirtualHost
configuration.

In a previous company, we separated the authentication and
authorization from the apache configuration, which meant authen/authz
ran as cgi scripts that were called on page loads. My question is, is
either an obviously superior choice?

- Ifty.

Re: Apache-based authen/authz vs. alternatives

On Dec 5, 9:48 pm, Iftekhar wrote:
> Hi all,
>
> I'm currently working on an old system at a company that uses apache-
> perl, and their authentication system runs off the apache
> PerlAuthenHandler and PerlAuthzHandler directives in their VirtualHost
> configuration.

Check out how Apache goes through a request with different phases,

http://modperlbook.org/html/1-4-Apache-1-3-Request-Processin g-Phases.html

For performace, using PerlAuthenHandler, PerlAuthzHandler to setup
authen/authz before the response (or content generation) phase is much
better than using CGI scripts(in response phase).

doing authen/authz in cgi-script might be more flexibilities though..

Regards,
XC

> In a previous company, we separated the authentication and
> authorization from the apache configuration, which meant authen/authz
> ran as cgi scripts that were called on page loads. My question is, is
> either an obviously superior choice?
>
> - Ifty.