Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Answer: Login and CGI security problem.

by chromatic (Archbishop)
on May 12, 2000 at 20:51 UTC ( #11318=categorized answer: print w/replies, xml ) Need Help??

Q&A > CGI programming > Login and CGI security ("open cookie jar") problem. - Answer contributed by chromatic

Another option is to use a timestamp on the server. For every action the user attempts to take, check the last timestamp for that account. If it's been more than 10 minutes, require re-authorization. Otherwise, update the timestamp to the current time and perform the action.

Sure, there is a window of time where some tricky malicious scripting could redirect the client to do something unintended, but it's minimized somewhat here.

  • Comment on Answer: Login and CGI security problem.
Log In?
Username:
Password:

What's my password?
Create A New User
Chatterbox?
erix just did a 12 km-run. Slow, but unstoppable!
[choroba]: My recent record is 10km in 1 hour :)
[perldigious]: Nice erix... perldigious' legs are so sore from portaging his kayak from place to place last weekend he can barely hobble 12m. :-)
[erix]: you're faster than me then :)
[erix]: well, at the moment, that is :)
[erix]: I should lose some weight although I keep telling myself that I'm doing extra training by lugging it along
[erix]: I saw a common kingfisher and a couple of bullfinches
[erix]: bullfinch ( a male and a female )
erix learned the word 'portaging' not so long ago (from vikings lugging their ships from one river-system to another)

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (8)
As of 2017-05-24 12:44 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?