CGI Authentication form passthrough question

D'Arcy J.M. Cain darcy at vex.net
Sun May 21 00:33:00 CEST 2000


David Rock <rockdw at bigfoot.com> wrote:
> How do I make this form submission and all subsequent submissions display based on a verified un/pw? Right now, all someone would have to do is remember
> the URL after the login stuff and they wouldn't need to worry about it. (I thought of using if __name__ == '__main__' to verify that the cgi being
> accessed by the form is not the main process, but sometimes it should be)

Don't use a form for the password.  Use the built in login/password facility
in the Apache (You do use Apache, right?) web server.  This password needs
to be sent for each page but your browser does this for you automatically
once you have entered password correctly once.  The variable REMOTE_USER
now holds the name that the user logged in as and you can always check
for that before continuing.  Let the system do all the hard work.

Look at the various Auth directives for details.  You can put them in a
<DIRECTORY> block in the config file or put them in .htaccess.

-- 
D'Arcy J.M. Cain <darcy at vex.net>           |  Democracy is three wolves
http://www.vex.net/                        |  and a sheep voting on         
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.



More information about the Python-list mailing list