Best way to differentiate accounts with one set of scripts?

[Vinnie Murdico]

Hi,

I'm creating a series of Perl scripts that make up an entire web site.
It works fine, but now I'd like to change it such that I can "replicate"
this entire web site for multiple accounts for various customers.

I don't want to make copies of the scripts for each hosted account,
because errors and enhancements will then need to be replicated across
multiple copies -- a maintenance nightmare.

I thought about requiring users to "log in" first, and creating a cookie
that contains their account name. Then when each script runs, it looks
at the cookie and gets the account name and uses that to set variables
for unique directories and files where that account's data would be
stored, thus giving each account a unique data area.

Is there a better way to do this that doesn't involve using cookies such
that the scripts could determine which user account was in effect when
it was run so it could look at the correct data location for that
account?

Thanks in advance for any ideas...

-- Vinnie

 

[Gunnar Hjalmarsson]

I'm creating a series of Perl scripts that make up an entire web
site. It works fine, but now I'd like to change it such that I can
"replicate" this entire web site for multiple accounts for various
customers.

I don't want to make copies of the scripts for each hosted account,
because errors and enhancements will then need to be replicated
across multiple copies -- a maintenance nightmare.

I thought about requiring users to "log in" first, and creating a
cookie that contains their account name. Then when each script
runs, it looks at the cookie and gets the account name and uses
that to set variables for unique directories and files where that
account's data would be stored, thus giving each account a unique
data area.

Is there a better way to do this that doesn't involve using cookies
such that the scripts could determine which user account was in
effect when it was run so it could look at the correct data
location for that account?

I'm assuming that the scripts are running as CGI scripts. Provided
that suEXEC or a CGI wrap is enabled, the home directory can be
grabbed via the getpwuid() function:

my $homedir = (getpwuid $<)[7];

But how do you ensure that the scripts are accessed via the 'right'
URL? Maybe not a usable idea, after all...

 

[ctcgag]

Hi,

I'm creating a series of Perl scripts that make up an entire web site.
It works fine, but now I'd like to change it such that I can "replicate"
this entire web site for multiple accounts for various customers.

I think you first need to decide on a security model, then only once you
have done that does it make sense to worry about this type of detail.

I don't want to make copies of the scripts for each hosted account,
because errors and enhancements will then need to be replicated across
multiple copies -- a maintenance nightmare.

Where is the nightmare?

foreach (@foo) {
system "rm /blah/blah/$_/*.cgi";
system "cp *.cgi /blah/blah/$_/";
}

I don't see how this solves anything, but I also don't see how it
causes any problems.

I thought about requiring users to "log in" first, and creating a cookie
that contains their account name. Then when each script runs, it looks
at the cookie and gets the account name and uses that to set variables
for unique directories and files where that account's data would be
stored, thus giving each account a unique data area.

Cookies are easy to spoof. Would your customers be happy with the
fairly low level of security that this would provide?

Is there a better way to do this that doesn't involve using cookies such
that the scripts could determine which user account was in effect when
it was run so it could look at the correct data location for that
account?

First you need to make the policy decision of how to authenticate users.
Once you have them authenticated, it probably won't be all that hard to do
the rest.

Xho