[Catalyst] Storing Login Information

Patrick McDonnell kc9ddi at gmail.com
Thu Aug 9 16:31:53 GMT 2007


Hello -

I'm working on a Catalyst app, mostly just to amuse myself, that is supposed
to be a webmail/calendar/address book/user account management app.  All of
the user account information, as well as the address book, is stored in an
LDAP directory, so authenticating against that is not a problem.  I am
running into a problem if I want the user to be able to connect to an IMAP
server, as that would require that the user provide their username/password
again.  Here's basically how my app is currently working:

User logs in, auth data is checked against LDAP.  Once logged in, the user
is trusted to do various things based on my authorization scheme.
Say the user wants to check his email.  I'm trying to use Net::IMAP::Simple
to connect to my IMAP server.  However, to log in, the module needs the
username and password.  So, the two most obvious options are to 1) have the
user provide his authentication data again; or 2) store the user's password
in the session.  Neither sounds like a good idea; the first is just
annoying, and the second seems like a security vulnerability.

So, does anyone have any advice on how to proceed?  One idea I had was to
log in to the IMAP server the first time the user logs in to the web app, and
then pass around the IMAP object with the session, but that seems kind of
ugly.  Any ideas?

Thanks.