Revision history for Apache-AppSamurai

1.01 2008-05-03

• REQUIRED CHANGE - The new login form signature check (described below) require changes to login.pl and login.html. It is recommended that you replace your existing login.pl with examples/htdocs/login.pl. To preserve your customizations to login.html, it is recommended that you add in changes manually. For most cases, you should be able to add lines right after:

<input type="hidden" name="destination" value="__URI__" />

to support the changes. Add the following to your login.html:

            <input type="hidden" name="nonce" value="__NONCE__" />
            <input type="hidden" name="sig" value="__SIG__" />

        * Added nonce and signature to login.pl login form and checking
          in Apache::AppSamurai::login().  All form logins must now provide
          a valid nonce and signature.  This is a Cross Site Request Forgery
          style protection, but since the user is not yet logged in, does
          not ACTUALLY provide CSRF protection.  Instead, it is a additional
          bar to raise and prevent some types of scripted brute force/DoS
          attempts.

        * Added AuthSimple.pm, a authentication module for the
          Authen::Simple authentication framework, which supports
          numerous authentication methods (Kerberos, LDAP, PAM, etc.)

        * Changed Build.PL to attempt to pre-detect mod_perl version
          installed, adding requirement for mod_perl 2 if nothing is
          found

        * Changed Build.PL to attempt to pre-detect cipher module
          for use with Crypt::CBC, adding requirement for
          Crypt::Rijndael if none are found

        * Added "use warnings" to all modules

        * Added Pod test (Pod Coverage test left disabled until more methods
          are documented or set to ignore)

1.00 2007-10-01

        First release with Apache 2.x/mod_perl 2.x support.  Changes
        include:
        
        * Unified Apache 1.x/mod_perl 1.x and Apache 2.x/mod_perl 2.x
          support (adds requirement for libapreq)

        * mod_perl 1.x/mod_perl 2.x examples in Apache::AppSamurai
          documentation and a unified example in examples/conf/

        * Crypt::CBC used for session data encryption with support for
          for Crypt::Rijndael, Crypt::OpenSSL::AES, Crypt::Twofish, or
          Crypt::Blowfish as the backend block cipher module.

        * Added SessionSerializeCipher option to specify the block cipher
          module to use.  (If undefined, Apache::AppSamurai attempts to
          auto-detect a suitable module.)

        * Ships with ExtUtils::MakeMaker Makefile.PL for users without
          Module::Build. (Module::Build install is still preferred)

        * All submodules now use their CVS revision for their VERSION.

        * Added LoginDestination and LogoutDestination options to
          define specific URIs to send users to after login/logout

        * Added confconfer.pl script (under examples/conf) for easier
          configuration based on template examples in examples/conf

0.09 2007-07-14

First public version, released on an unsuspecting world.