[Catalyst] 5.80005: $c->req->remote_user and apache: excluding actions from authentication

Francesc Romà i Frigolé francesc.roma+catalyst at gmail.com
Wed Jun 10 14:50:24 GMT 2009

On Wed, Jun 10, 2009 at 1:55 PM, Tomas Doran <bobtfish at bobtfish.net> wrote:

You're worrying about the efficiency of pushing bytes around, but you're
> using shared hosting.
> Surely this is premature optimisation?


The applications I'm writing are expected to have a relatively small number
of users. From my experience so far the performance is quite good on a
shared hosting as long as I serve the static content from outside Catalyst.
Otherwise performance degrades significantly since each user has to deal
with a few static files that weight a few MB each.

This approach works for me as long as the static content requires no
authentication or the whole site requires authentication. It just have to
edit a single .htaccess file.

My concern is to keep the setup as simple as possible, and I find this
configuration very advantageous compared to dedicated/virtual hosting since
I don't have to take care of the servers (we are a small team with more
programming than systems administration experience)

Now I'm facing a new situation which is that some parts of the Catalyst
application have to be public. Since it's not a very different situation
than what I had been doing so far I think is legitimate to expect to be able
to solve it with similar tools.

I'm very grateful to you and kmx and Charlie for your help. Thanks to you
(and a bit of research and experimentation on my own) I've learned that for
achieving this goal I will have to sacrifice some flexibility: I should
design my applications in a way that there is only two paths that lead to
secure content (one that goes through catalyst and one that is static). In
this way I can solve the problem with a simple directory structure and two
.htaccess files. The layout of the public files/actions is not restricted. I
can't have paths to actions that behave differently depending on whether or
not the user has logged in.

For completeness sake I'll also say that there is a trivial solution that
avoids this trade off in flexibility: to set up a "guest" account. But I
don't like this solution because it would annoy guest users.

Through this discussion I've learned valuable knowledge which will help me
make design and planning decisions.

Thanks again to all for your replies,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090610/4058c=

More information about the Catalyst mailing list