Help-Site Computer Manuals
Software
Hardware
Programming
Networking
  Algorithms & Data Structures   Programming Languages   Revision Control
  Protocols
  Cameras   Computers   Displays   Keyboards & Mice   Motherboards   Networking   Printers & Scanners   Storage
  Windows   Linux & Unix   Mac

Web::Passwd
Web-based htpasswd Management

Web::Passwd - Web-based htpasswd Management


NAME

Web::Passwd - Web-based htpasswd Management


VERSION

Version 0.03


SYNOPSIS

Web::Passwd is a web-based utility for managing Apache htpasswd files. It uses the CGI::Application framework, so functionality is encapsulated in the module and very little code is required to create an instance:


    use Web::Passwd;

    

    my $webapp = Web::Passwd->new();

    $webapp->run();



That's it. Drop that script in a web-accessible cgi directory and give it execute permissions, and (assuming a default config file is found), you're good to go. If you'd rather explicity define a configuration file to use, you can pass it through an extra parameter:


    my $webapp = Web::Passwd->new( PARAMS => { config => '/home/evan/custom_webpasswd.conf' } );




CONFIGURATION

If not explicitly provided, a configuration file will be searched for in the following locations (in order). If a valid configuration file is not found, the script will die with errors.


  ./webpasswd.conf    (the current directory)

  ../webpasswd.conf   (the parent directory)

  /etc/webpasswd.conf



The configuration file can be used to specify a directory of templates in the HTML::Template format. If no templates are found, default templates are used (see the /example/templates directory of the distribution).


  tmpl_path = /var/www/cgi-bin/webpasswd/



The htpasswd command can also be specified. If no htpasswd command is provided, the default is used. Note that, on some systems, you must specify the absolute path to the htpasswd binary.


  htpasswd_command = htpasswd



The configuration file can specify whether to use the GET (data encoded into the URL) or POST (data encoded into the message body) form request method. Defaults to using the generally more secure POST.


  form_method = POST



The configuration file should also contain a section for each htpasswd file it will be used to maintain, using the following format:


  [Descriptive Name]

  path = /system/path/to/passwdfile

  algorithm = {crypt|md5|sha|plain}



TECHNICAL NOTE: The default algorithm Apache uses is crypt under Linux, and MD5 under Windows.

PITFALL: Enclosing values in quotes within the config file does not have the expected effect! It simply includes the literal quote characters in the config value.


SECURITY

It is *imperitive* that the Web::Passwd instance script itself be htpasswd protected, as it includes no access control mechanism.

Understand that putting the ability to manage htpasswd files via a web-based utility carries an inherent security risk, in that anyone who gains access to the utility is potentially given access to any of the managed htpasswd-protected resources.

Any htpasswd files to be managed with this utility MUST be owned by whatever user apache runs as. Usually, this is 'apache' or 'nobody'.


COMPATABILITY

This was written expressly for Apache webserver 1.3 or higher running under Linux. However, there is nothing as far as I am aware that would prevent execution on a higher version of Apache, or on Apache under Windows.


DEPENDENCIES

A Perl version of 5.6.1 or higher is recommended, and the following modules are required:


  CGI::Application

  Config::Tiny

  HTML::Template




AUTHOR

Evan Kaufman, <evank at cpan.org>


SUPPORT

You can find documentation for this module with the perldoc command.


    perldoc Web::Passwd




ACKNOWLEDGEMENTS

Written for BCD Music Group.


COPYRIGHT & LICENSE

Copyright 2007 Evan Kaufman, all rights reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

Programminig
Wy
Wy
yW
Wy
Programming
Wy
Wy
Wy
Wy