Paul M. Hirsch

Modules

Changes for version 1.01

  • REQUIRED CHANGE - The new login form signature check (described below) require changes to login.pl and login.html. It is recommended that you replace your existing login.pl with examples/htdocs/login.pl. To preserve your customizations to login.html, it is recommended that you add in changes manually. For most cases, you should be able to add lines right after:
    • to support the changes. Add the following to your login.html:
  • Added nonce and signature to login.pl login form and checking in Apache::AppSamurai::login(). All form logins must now provide a valid nonce and signature. This is a Cross Site Request Forgery style protection, but since the user is not yet logged in, does not ACTUALLY provide CSRF protection. Instead, it is a additional bar to raise and prevent some types of scripted brute force/DoS attempts.
  • Added AuthSimple.pm, a authentication module for the Authen::Simple authentication framework, which supports numerous authentication methods (Kerberos, LDAP, PAM, etc.)
  • Changed Build.PL to attempt to pre-detect mod_perl version installed, adding requirement for mod_perl 2 if nothing is found
  • Changed Build.PL to attempt to pre-detect cipher module for use with Crypt::CBC, adding requirement for Crypt::Rijndael if none are found
  • Added "use warnings" to all modules
  • Added Pod test (Pod Coverage test left disabled until more methods are documented or set to ignore)