CGI Programming Interview Question:
Can I do HTTP authentication using CGI?
Submitted by: AdministratorIt depends on which version of the question you asked.
Yes, we can use CGI to trigger the browser's standard Username/Password dialogue. Send a response code 401, together with a "WWW-authenticate"
header including details of the the authentication scheme and realm:
e.g. (in a non-NPH script)
Status: 401 Unauthorized to access the document
WWW-authenticate: Basic realm="foobar"
Content-type: text/plain
Unauthorised to access this document
The use you can make of this is server-dependent, and harder,since most servers expect to deal with authentication before ever reaching the CGI (eg through .www_acl or .htaccess).
Thus it cannot usefully replace the standard login sequence, although it can be applied to other situations, such as re-validating a user -
e.g after a certain timeout period or if the same person may need to login under more than one userid.
What you can never get in CGI is the credentials returned by the user.
The HTTPD takes care of this, and simply sets REMOTE_USER to the username if the correct password was entered.
Submitted by: Administrator
Yes, we can use CGI to trigger the browser's standard Username/Password dialogue. Send a response code 401, together with a "WWW-authenticate"
header including details of the the authentication scheme and realm:
e.g. (in a non-NPH script)
Status: 401 Unauthorized to access the document
WWW-authenticate: Basic realm="foobar"
Content-type: text/plain
Unauthorised to access this document
The use you can make of this is server-dependent, and harder,since most servers expect to deal with authentication before ever reaching the CGI (eg through .www_acl or .htaccess).
Thus it cannot usefully replace the standard login sequence, although it can be applied to other situations, such as re-validating a user -
e.g after a certain timeout period or if the same person may need to login under more than one userid.
What you can never get in CGI is the credentials returned by the user.
The HTTPD takes care of this, and simply sets REMOTE_USER to the username if the correct password was entered.
Submitted by: Administrator
Copyright 2007-2025 by Interview Questions Answers .ORG All Rights Reserved.
https://InterviewQuestionsAnswers.ORG.
https://InterviewQuestionsAnswers.ORG.