Andrew J. Korty > Data-Passphrase-0.0.7 > Data::Passphrase::Apache

Download:
Data-Passphrase-0.0.7.tar.gz

Dependencies

Annotate this POD

View/Report Bugs
Source  

NAME ^

Data::Passphrase::Apache - HTTP service for checking passphrase strength

SYNOPSIS ^

In httpd.conf:

    <Location />
        Require valid-user
        SSLRequireSSL
        
        PerlHandler +Data::Passphrase::Apache
        SetHandler  perl-script
        
        # turn on debugging (default: 0)
        PerlSetVar PassphraseDebug 1
        
        # use a remote service for form_handler (default: localhost)
        PerlSetVar PassphraseLocation \
                   "https://example.com/passphrase/validate"
        
        # set location of rules file (default: /etc/passphrase_rules)
        PerlSetVar PassphraseRules \
                   /usr/local/etc/passphrase_rules
    </Location>

HTTP client:

    use constant LOCATION => 'https://itso.iu.edu/validate/http';
    
    use LWP::UserAgent;
    
    my $username = $ENV{LOGNAME};
    for (;;) {
        print 'Passphrase (clear): ';
        chomp (my $passphrase = <STDIN>);

        my $user_agent = LWP::UserAgent->new();
        my $response   = $user_agent->post(LOCATION, {
            passphrase => $passphrase,
            username   => $username,
        });
        $code          = $response->code   ();
        $message       = $response->message();
        $score         = $response->score  ();
    
        print "$code $message, score: $score\%\n";
    }

SOAP client:

    use SOAP::Lite +autodispatch =>
        proxy    => 'http://itso.iu.edu/validate/soap',
        uri      => 'http://passphrase.iu.edu/Data/Passphrase';
    
    my $username = $ENV{LOGNAME};
    for (;;) {
        print 'Passphrase (clear): ';
        chomp (my $passphrase = <STDIN>);
    
        my $response = SOAP::Lite
            ->uri('http://passphrase.iu.edu/Data/Passphrase')
            ->proxy('http://itso.iu.edu/validate/soap')
            ->validate_passphrase({
                username   => $username,
                passphrase => $passphrase,
            })->result()
            or die $!;
        print "$result->{code} $result->{message}, score: $result->{score}\%\n";
    }

DESCRIPTION ^

This mod_perl module provides HTTP and SOAP interfaces to Data::Passphrase. A trivial form handler is also included, mostly as an example. By default, the various interfaces are accessible by the following URIs:

  Interface     URI
  ---------     ---
  HTTP          https://example.com/http
  SOAP          https://example.com/soap
  WSDL          https://example.com/wsdl
  form example  https://example.com/form

HTTP Interface

An application or user may submit the passphrase to be checked via the query parameter passphrase. The module also supports a username parameter, which defaults to $r->user(). Sites may wish to configure rules to check passphrases based on user-related data, so the username parameter may be useful for testing.

The response consists of an HTTP response code and status message in the header, and a JSON representation of the code, message, and score in the body. If a passphrase is deemed to weak via a certain rule, the error code associated with that rule is returned. Usually, these error codes are in the 4xx range. If a passphrase passes all rules, 200 is returned.

This module supports GET and POST request methods, but POST is usually appropriate to avoid passphrases being recorded in server logs. RESTful URLs are not used for the same reason.

SOAP Interface

SOAP semantics are provided by SOAP::Lite with a corresponding WSDL provided by Pod::WSDL. This interface exposes only the validate_passphrase() procedural method; there is no object-oriented RPC functionality.

Form Example

The form handler is just a trivial example for use in testing or as a starting point.

AUTHOR ^

Andrew J. Korty <ajk@iu.edu>

SEE ALSO ^

Data::Passphrase(3), Pod::WSDL(3), SOAP::Lite(3)

syntax highlighting: