extend howto

Explain basic http authentication. Mention SQLite.

diff --git a/PLP/HowTo.pod b/PLP/HowTo.pod
index 93bacb24002e4f4a83950276ff0027857098f26e..299ab6e91a255010e52354a5edb86ff1c61e59f1 100644 (file)
--- a/PLP/HowTo.pod
+++ b/PLP/HowTo.pod
@@ -39,7 +39,8 @@ used in this document are available (for free) at CPAN: http://search.cpan.org/
 
 Use DBI, and alternatively, one of the many simplifying modules. Drivers for
 DBI are in the DBD:: namespace. DBI loads the driver automatically, but it has
-to be available.
+to be available. If you need a fast full-featured file-base database, use
+DBD::SQLite, it's the instant database :).
 
  <:
      use DBIx::Simple; # and read its documentation for examples.
@@ -64,6 +65,34 @@ Use CGI.pm, which can be used with CGI::Upload to make things easier
      my $page = get 'http://foo.com/bar.html';
  :>
 
+=head2 implement basic authentication
+
+This only works with PLP under mod_perl. For CGI installations, it's useless.
+
+ <:
+     use MIME::Base64;
+
+     BEGIN {
+         my $r = Apache->request;
+
+         my ($type, $login) = split / /, $r->header_in('Authorization');
+         my ($user, $pass) = split /:/, decode_base64 $login, 2;
+
+         unless ($user eq 'foo' and $pass eq 'bar') {
+             $header{Status} = '401 Authorization Required';
+             $header{WWW_Authenticate} = 'Basic realm="Top secret :)"';
+             print '<h1>Authorization Required</h1>';
+             exit;
+         }
+     }
+ :>
+
+(It is possible to use something similar with CGI, but it's not easy. Headers
+are communicated to your script via C<%ENV>, and having credentials in there
+would be insecure, so Apache removes them. To get C<$ENV{HTTP_AUTHORIZATION}>,
+you need to recompile Apache with -DSECURITY_HOLE_PASS_AUTHORIZATION, or use
+mod_rewrite to set the environment variable. Short answer: just use mod_perl.)
+
 =head1 FEEDBACK
 
 If you have good, simple examples of how to do common things with PLP, please