I need to build a simple web-application. I decided to do it with Poet (Mason2), which uses Plack.
The application should be usable only by authenticated users, so I need to build some login/password functionality.
There is already a Plack module, Plack::Middleware::Auth::Basic, that allows using Basic user auth and can be set up to check .htpasswd
or similar. But basic authentication is not very secure; anybody can grab the login password with packet capturing or the like.
Here are 2 possible solutions:
The questions:
app.psgi
via HTTPS. Do I need to modify my application somewhat? Any link that shows me how to run plackup over https?
So, what is a relatively easy way to achieve secure authentication with a Plack application?
PS: I don't care about the rest of the communication. I only need secure auth that doesn't allow the passwords to be grabbed.
PPS: https is easy with Apache (and a self-signed certificate). But I have no idea how to do it with plackup (and/or any other Plack-based server).
Another, simpler option is to use what's built into plackup, Starman, and Thrall:
plackup --enable-ssl --ssl-key-file=... --ssl-cert-file=...
(or)
starman --enable-ssl --ssl-key=... --ssl-cert=...
(or)
thrall --enable-ssl --ssl-key-file=... --ssl-cert-file=...
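
An added example, not part of the original question or answer: a minimal app.psgi that combines Plack::Middleware::Auth::Basic with a guard that refuses to issue the Basic challenge unless the request arrived over TLS. The user table, the realm name and the secure_eq helper are constructed for illustration.

```perl
# app.psgi (added example; user table and realm are constructed values)
use strict;
use warnings;
use Plack::Builder;

# Constructed demo account. A real application would verify a salted
# password hash from its own user store rather than a plaintext table.
my %USERS = ( alice => 'correct horse battery staple' );

# Compare two strings without returning at the first differing byte.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

my $app = sub {
    my $env = shift;
    return [ 200, [ 'Content-Type' => 'text/plain' ],
             [ "Hello, $env->{REMOTE_USER}\n" ] ];
};

builder {
    # Outermost layer: answer plain-HTTP requests with 403 before the
    # Basic challenge is issued, so the 401 prompt only ever appears on a
    # TLS connection (for example if the server is started without the
    # SSL options by mistake).
    enable sub {
        my $next = shift;
        return sub {
            my $env = shift;
            return $next->($env) if $env->{'psgi.url_scheme'} eq 'https';
            return [ 403, [ 'Content-Type' => 'text/plain' ],
                     [ "HTTPS required\n" ] ];
        };
    };
    enable 'Auth::Basic',
        realm         => 'Restricted',
        authenticator => sub {
            my ($user, $pass) = @_;
            return secure_eq($pass, $USERS{$user});
        };
    $app;
};
```

Start it with one of the commands above, for example plackup --enable-ssl --ssl-key-file=... --ssl-cert-file=... app.psgi. The guard does not protect a client that sends credentials over plain HTTP unprompted; it only ensures the application never asks for them there.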