[Catalyst] Catalyst with HTTP authentication
spamcatcher at thiemeier.net
Tue Mar 12 16:18:32 GMT 2013
On 03/12/2013 01:07 PM, Alexander Hartmaier wrote:
> Having the webserver do the authentication means you are depending on it
> to support the type of authentication you want to use.
> I'd prefer having the authentication in the app with the exact same code
> for production and testing over ::Remote.
Everything has its pros and cons. If you do all your authentication in
your app, you depend on existing modules for the desired authentication
method, or you have to write your own authentication code. I prefer
using stable and tested mechanisms over writing my own code (if
possible). And if a tool lacks some features which I need, I just use
something else (again, if possible). I guess 90% of all webservers
support most common authentication methods.
Until now, I used DBIC based authentication within my app, and ::Remote
for everything else. But until now "everything else" is just one project
which requires digest, certificates and kerberos authentication.
I guess there is no "better" in this case. Its a matter of personal
preferences and use case.
Concerning the differing code for testing and production: I agree. This
truly is a disadvantage when using ::Remote
More information about the Catalyst