Security Advisories (2)
CVE-2026-5091 (2026-05-21)

Catalyst::Plugin::Authentication versions through 0.10024 for Perl are susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash or password.

CVE-2009-10007 (2026-06-09)

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl are susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker who obtains a session id cookie can use it to impersonate the victim.
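
For the eq comparison named in CVE-2026-5091, the following added example (not code from Catalyst::Plugin::Authentication or from its fix) shows a comparison whose running time does not depend on where the two values first differ. The helper name constant_time_eq, the use of /dev/urandom for a per-process key and the sample digests are assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256 sha256_hex);

# Per-process random key used only to blind the values being compared.
# Assumption: a Unix-like system that provides /dev/urandom.
my $BLIND_KEY = do {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $n = read $fh, my $buf, 32;
    die "short read from /dev/urandom" unless defined $n && $n == 32;
    $buf;
};

# Hypothetical helper, not part of Catalyst::Plugin::Authentication.
# Returns 1 if the two byte strings are identical, 0 otherwise. Both inputs
# are first reduced to 32-byte HMAC-SHA256 tags, so the loop always runs over
# the same number of bytes and never exits at the first mismatch.
sub constant_time_eq {
    my ($supplied, $expected) = @_;
    return 0 unless defined $supplied && defined $expected;

    my @x = unpack 'C*', hmac_sha256($supplied, $BLIND_KEY);
    my @y = unpack 'C*', hmac_sha256($expected, $BLIND_KEY);

    my $diff = 0;
    $diff |= $x[$_] ^ $y[$_] for 0 .. $#x;   # accumulate, never short-circuit
    return $diff == 0 ? 1 : 0;
}

# Constructed sample data: a stored digest and three candidate digests.
my $stored = sha256_hex('correct horse battery staple');
my %candidates = (
    'exact match'          => sha256_hex('correct horse battery staple'),
    'differs in last char' => substr($stored, 0, 63) . ($stored =~ /0\z/ ? '1' : '0'),
    'different length'     => substr($stored, 0, 10),
);

# Both comparisons agree on the result; only their timing behaviour differs.
for my $label (sort keys %candidates) {
    my $c = $candidates{$label};
    printf "%-22s eq=%d constant_time_eq=%d\n",
        $label, ($c eq $stored ? 1 : 0), constant_time_eq($c, $stored);
}
```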

NAME

Catalyst::Authentication::Realm - Base class for realm objects.

DESCRIPTION

CONFIGURATION

class

This class is the default realm class. You can specify a custom realm class with this config parameter.

auto_create_user

Set this to true if you wish this realm to auto-create user accounts when the user doesn't exist (most useful for remote authentication schemes).

auto_update_user

Set this to true if you wish this realm to auto-update user accounts after authentication (most useful for remote authentication schemes).

METHODS

new( )

Instantiates this realm, plus the specified store and credential classes.

store( )

Holds an instance of the store object for this realm.

credential( )

Holds an instance of the credential object for this realm.

find_user( )

Delegates to the store object. Will also re-delegate auto_create_user and auto_update_user at this time, if necessary.

authenticate( )

Delegates to the credential object and sets the authenticated user on success.

save_user_in_session( )

Delegates to the store object.

from_session( )

Delegates to the store object.