[Catalyst] 5.80005: $c->req->remote_user and apache: excluding
actions from authentication
Francesc Romà i Frigolé
francesc.roma+catalyst at gmail.com
Wed Jun 10 08:40:00 GMT 2009
On Tue, Jun 9, 2009 at 10:26 PM, Tomas Doran <bobtfish at bobtfish.net> wrote:
> This (and the ugly password box) is why most 'internet' websites implement
> auth with a login form - you can be a lot more flexible about the level of
> user-authenticity you require at each stage...
Thanks for the explanation. There are two reasons why I'm considering HTTP
auth despite it's lack of flexibility. I'd be happy to hear about
1) static performance: serving static files directly from apache is much
faster than through catalyst. I find it specially noticeable with big files
like large pictures and pdfs. Some of the files should not be public. If I
do authentication in catalyst I can't serve them directly from apache.
2) dynamic/AJAX laziness: pages that use XMLHttpRequest stop working when
authentication expires. Unless I manually detect the condition and allow the
user to re-authenticate. Using HTTP auth should let the browser take care of
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Catalyst