Again I have to apologise for this not strictly being a CGI/Perl question, but it is related to some extent.
I asked a question some time ago about using AUTH_NAME as a means to log a user into a database application automatically. More specifically, I asked if it was possible to get the AUTH password as well, and I was told it wasn't.
That's fair enough, but it's quite possible to use a small database to get the user's password and log them in, in much the same way as cookies do.
Anyway, my question is, would using this method put more of an overhead on the server than using, say, cookies? Obviously cookies are the standard way of doing things, but isn't this a simple alternative, as well as adding extra security?
Not only that, but it makes it easier to boot an abusive user as well, since you don't have to build a checking routine for *everything* that's protected by this method, for instance subroutines that aren't related to the user's permissions on the database. If they don't have their username and password, server-based authentication won't let them at *any* part of the directory contents.
So the basic question is: Will this method of protection add more of a load on the server than more traditional methods? Note that in some cases, such as a portal site, this method will be used throughout the entire site, excluding the registration subroutines.
Thanks,
adam