GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
Plack::Middleware::Auth::Digest(3) User Contributed Perl Documentation Plack::Middleware::Auth::Digest(3)

Plack::Middleware::Auth::Digest - Digest authentication

  enable "Auth::Digest", realm => "Secured", secret => "blahblahblah",
      authenticator => sub {
          my ($username, $env) = @_;
          return $password; # for $username
      };

  # Or return MD5 hash of "$username:$realm:$password"
  enable "Auth::Digest", realm => "Secured", secret => "blahblahblah",
      password_hashed => 1,
      authenticator => sub { return $password_hashed };

Plack::Middleware::Auth::Digest is a Plack middleware component that enables Digest authentication. Your "authenticator" callback is called using two parameters: a username as a string and the PSGI $env hash. Your callback should return a password, either as a raw password or a hashed password.

authenticator
A callback that takes a username and PSGI $env hash and returns a password for the user, either in a plaintext password or a MD5 hash of "username:realm:password" (quotes not included) when "password_hashed" option is enabled.
password_hashed
A boolean (0 or 1) to indicate whether "authenticator" callback returns passwords in a plaintext or hashed. Defaults to 0 (plaintext).
realm
A string to represent the realm. Defaults to restricted area.
secret
Server secret text string that is used to sign nonce. Required.
nonce_ttl
Time-to-live seconds to prevent replay attacks. Defaults to 60.

This middleware expects that the application has a full access to the headers sent by clients in PSGI environment. That is normally the case with standalone Perl PSGI web servers such as Starman or HTTP::Server::Simple::PSGI.

However, in a web server configuration where you can't achieve this (i.e. using your application via Apache's mod_cgi), this middleware does not work since your application can't know the value of "Authorization:" header.

If you use Apache as a web server and CGI to run your PSGI application, you can either a) compile Apache with "-DSECURITY_HOLE_PASS_AUTHORIZATION" option, or b) use mod_rewrite to pass the Authorization header to the application with the rewrite rule like following.

  RewriteEngine on
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

Yuji Shimada <xaicron@cpan.org>

Tatsuhiko Miyagawa

Yuji Shimada, Tatsuhiko Miyagawa 2010-

Plack::Middleware::Auth::Basic

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
2015-03-31 perl v5.32.1

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.