Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Answer: Login and CGI security problem.

by chromatic (Archbishop)
on May 12, 2000 at 20:51 UTC ( #11318=categorized answer: print w/replies, xml ) Need Help??

Q&A > CGI programming > Login and CGI security ("open cookie jar") problem. - Answer contributed by chromatic

Another option is to use a timestamp on the server. For every action the user attempts to take, check the last timestamp for that account. If it's been more than 10 minutes, require re-authorization. Otherwise, update the timestamp to the current time and perform the action.

Sure, there is a window of time where some tricky malicious scripting could redirect the client to do something unintended, but it's minimized somewhat here.

  • Comment on Answer: Login and CGI security problem.
Log In?
Username:
Password:

What's my password?
Create A New User
Chatterbox?
[erix]: and good morning (sorry :))
[Corion]: erix: Naah, I just saw the announcement and remembered that discussion. Maybe I'll try building a DBD::SQLite with the zip stuff built-in, just for fun
[Corion]: Oh - and a good morning to you too :)
[erix]: we have these largish series (dozens) of largisch (1-2 GB) tabsep files that might be shrunk a bit in this way. Bound to get a bit slower but that doesn't matter too much for us

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (6)
As of 2018-01-24 08:59 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    How did you see in the new year?










    Results (256 votes). Check out past polls.

    Notices?