I need to build a simple web-application. I decided to do it with Poet (Mason2), which uses Plack.
The application should be usable only by authenticated users, so I need to build some login/password functionality.
There is already a Plack module, Plack::Middleware::Auth::Basic, that allows using Basic user auth and can be set up to check .htpasswd or similar. But basic authentication is not very secure; anybody can grab the login password with packet capturing or the like.
Here are 2 possible solutions:
- running my app.psgi via HTTPS(443) - link level encryption
- or is there some better auth method that allows secure auth without https?
The questions:
- Regarding HTTPS - I have no idea how to run my app.psgi via HTTPS. Do I need to modify my application somehow? Is there any link that shows me how to run plackup over HTTPS?
- Or, for the second: is there some method (middleware or Perl module) that allows me to build secure authentication over the standard unencrypted port (80)?
So, what is a relatively easy way to achieve secure authentication with a Plack application?
PS: I don't care about the rest of the communication. I only need secure auth that doesn't allow the passwords to be grabbed.
PPS: HTTPS is easy with Apache (and a self-signed certificate). But I have no idea how to do it with plackup (and/or any other Plack-based server).
Another more simple option is to use what's built into plackup, Starman, and Thrall:
(or)
(or)
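An added example, not from the original question or answer: a stand-alone app.psgi that refuses any request not arriving over HTTPS before Plack::Middleware::Auth::Basic can issue its challenge, so the Basic credentials are never requested over port 80. The user name, password, realm and the helper names (`ct_eq`, `authenticate`, `$require_https`) are constructed for illustration, and the server is assumed to be started with TLS enabled.

```perl
# app.psgi (added example; users, realm and helper names are constructed)
use strict;
use warnings;
use Plack::Builder;
use Digest::SHA qw(sha256_hex);

# Constructed credential store: user => hex SHA-256 of the password.
# Placeholder only; a real deployment should use a slow hash such as bcrypt.
my %USERS = ( alice => sha256_hex('s3cret') );

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Authenticator callback for Auth::Basic: receives (username, password, env).
sub authenticate {
    my ($user, $pass, $env) = @_;
    my $known  = defined $user && exists $USERS{$user};
    my $stored = $known ? $USERS{$user} : '0' x 64;   # dummy keeps the work equal
    return ct_eq(sha256_hex($pass // ''), $stored) && $known;
}

# Inline middleware: reject cleartext requests so no 401 challenge (and no
# Authorization header prompt) is ever produced on an unencrypted connection.
my $require_https = sub {
    my $app = shift;
    return sub {
        my $env = shift;
        return $app->($env) if $env->{'psgi.url_scheme'} eq 'https';
        return [ 403, [ 'Content-Type' => 'text/plain' ], ["HTTPS required\n"] ];
    };
};

my $app = sub {
    my $env = shift;
    # Auth::Basic stores the authenticated name in REMOTE_USER.
    return [ 200, [ 'Content-Type' => 'text/plain' ],
             ["Hello, $env->{REMOTE_USER}\n"] ];
};

builder {
    enable $require_https;                       # must come before Auth::Basic
    enable 'Auth::Basic', realm => 'Restricted', authenticator => \&authenticate;
    $app;
};
```

If TLS is terminated by a front-end proxy rather than the PSGI server itself, `psgi.url_scheme` reflects the proxy-to-app hop and has to be derived from the proxy's forwarded headers instead.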