| Subject: | Feature request: CONSTRAINTS |
I usually use CGI::Application::Plugin::Authentication::Driver::DBI, but
on this project I'm using Class::DBI. Thus, I'm using your wonderful
CDBI plugin to the plugin. :-)
However, one neat feature that Driver::DBI has that Driver::CDBI does
not have is the CONSTRAINTS option. CONSTRAINTS in "DBI" is what
FIELD_METHODS is in "CDBI". However, in CONSTRAINTS on "DBI", you can
specify additional field names and static values.. for instance.
DRIVER => [
'DBI',
DBH => $self->dbh('dbh_foo'),
TABLE => 'Users',
CONSTRAINTS => {
'Users.email' => '__CREDENTIAL_1__',
'MD5:Users.password' => '__CREDENTIAL_2__',
'Users.deleted' => '0'
},
....
....
The extra test condition is "Users.deleted" == 0. Now, I do have a
workaround with this module now. It might be considered insecure on the
surface, but with my actual use (not exactly like these examples), it's
quite secure:
DRIVER => [
'CDBI',
CLASS => 'MyDB::Accounts',
FIELD_METHODS => [qw(email MD5:password deleted)],
],
CREDENTIALS => [qw(authen_username authen_password foobar)],
...
...
And in my form, I have the hidden form value "foobar" set to "0". I
would imagine that with even more fudging around in CGI::Application I
could dynamically insert the "foobar" value into the POST variables to
make it 100% secure.. TMTOWTDI (I think that's the acronym).
But I digress.. I would still love to see either a CONSTRAINTS option
(or whatever name to give it) that would allow even more class fields to
be validated against static/dynamic variables within the Perl code.
If I'm missing some way to make a CREDENTIALS entry a var or static
value (and not pull from the form post data), let me know, and I'll
personally bonk myself over the head and kill RT entry. :-)
Thanks,
Neil