
Re: cgi and https (mildly off topic)

by Ryszard (Priest)
on Nov 27, 2001 at 09:30 UTC (#127729=note)

in reply to cgi and https (mildly off topic)

Why not use session management so people have to log in to use the service? It's easy to build yourself, or even easier if you want to download a module to do it for you.

Whatever you do, use perl -wT, and *don't* put any JS in webpages to encrypt anything. All passwords should be stored server-side with some kind of one-way hash (md5, sha-1; I prefer hashing over encrypting as you don't need to leave a key lying about somewhere). The incoming password is then captured, untainted, encrypted and compared to the one that is stored.

If possible, put the backend storage machine on a private network so it is harder to get to (but that may be overkill in your situation).

As a rule, untaint *everything* that is coming from outside your script (which is what -T actually enforces).

By far the easiest method of doing this is to have one script that accepts a password and, conditionally on the password being correct, pumps out the right information.
The downside is that it is *so* unscalable, and you need to re-enter the password each time you want to review the information.

Just the disjointed ravings of a crazed lunatic.
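To show the capture, untaint, hash and compare flow under taint mode that the reply describes, here is an added example (mine, not Ryszard's code). It assumes the CGI and Digest::SHA modules are installed, uses a constructed in-memory user store, and hashes with salted SHA-256 rather than the bare md5/sha-1 the reply mentions; that hash choice is my own.

```perl
#!/usr/bin/perl -wT
# Added illustration: a taint-mode CGI that untaints the submitted
# password, hashes it, and compares digests against a stored hash.
use strict;
use warnings;
use CGI;
use Digest::SHA qw(sha256_hex);

# Constructed stand-in for the server-side store: user => [salt, hex digest].
# The digest is built from a literal here only so the demo runs; a real
# store holds just the salt and digest, never the plaintext.
my %users = (
    alice => [ 'c0ffee42', sha256_hex( 'c0ffee42' . 'correct horse' ) ],
);

# Under -T every request value is tainted until it passes a regex capture;
# the capture is the whitelist of what the script will accept.
sub untaint_password {
    my ($raw) = @_;
    return unless defined $raw;
    return unless $raw =~ /\A([[:print:]]{8,64})\z/;
    return $1;
}

sub untaint_username {
    my ($raw) = @_;
    return unless defined $raw && $raw =~ /\A([a-z0-9_]{1,32})\z/;
    return $1;
}

# Hash the candidate with the stored salt and compare digest to digest;
# the plaintext password is never written anywhere.
sub password_ok {
    my ($user, $password) = @_;
    my $rec = $users{$user} or return 0;
    my ($salt, $stored) = @$rec;
    return sha256_hex( $salt . $password ) eq $stored ? 1 : 0;
}

my $q        = CGI->new;
my $user     = untaint_username( $q->param('user') );
my $password = untaint_password( $q->param('password') );

print $q->header('text/plain');
if ( defined $user && defined $password && password_ok( $user, $password ) ) {
    print "authenticated: $user\n";   # emit the protected information here
} else {
    print "access denied\n";
}
```

Run it directly via the shebang or as `perl -wT script.pl`; invoking it without -T fails with "Too late for -T option" because the shebang requests taint mode.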