CGI::Htauth.pm _____________________________________________________________ ***** WARNING ***** This version of CGI::Htauth is an early alpha version, very much under deveopment, and important features are not working ... _____________________________________________________________ CGI::Htauth offers a variety of authentication mechanisms to the CGI programmer. The main subroutine is &authenticate($config) $config can be either a string or a filename, and looks a bit like a simple router configuration, with different authentication modes to be offered to different IP addresses or ranges. Possible modes include allow, deny, password and challenge-response. CGI::Htauth uses Crypt::Tea to provide the encryption engine both in Perl on the server, and in Javascript on the browser. It also uses CGI::FormBuilder and CGI.pm. To install ( cool ! new ! interactive ! ) just: perl Install (but this doesn't yet work yet under Windows) that's all ! or you can still do it the old way ... perl Makefile.PL make make test make install For up-to-date source, see http://www.cpan.org/SITES.html From a non-JavaScript browser, password login works a bit like username/password login usually works, except that it also checks that the IP and browser don't change during the session, handles timeouts, and offers buttons for logout and password changing. From a JavaScript browser, password login installs the encryption engine in a parent frameset and remembers the password in a JavaScript variable there. The user is authenticated by encrypting a random challenge, so the password is never transmitted. Once a user is logged in, subsequent traffic in both directions is encrypted. The level of security is more or less equivalent to that offered by ssh in the mode in which it asks for the user's password and transmits it over an encrypted connection. Again, timeouts are handled and there are built-in buttons for logout and password changing. Peter J Billam computing@pjb.com.au http://www.pjb.com.au