Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

(ichi) Re: secure CGI: books and examples?

by ichimunki (Priest)
on Apr 23, 2002 at 19:09 UTC ( #161399=note: print w/ replies, xml ) Need Help??


in reply to secure CGI: books and examples?

1 & 2. Why not use GET and POST over https? For a non-web-based solution (assuming the server is Unix/Linux), you might use scp (part of ssh)? ssh clients are easy to come by, and since the admin process is normal user management it might be easier than trying to web-fronted all that stuff (especially from scratch). The ssh tools are in widespread use too, so that gets to your "bulletproof" point. Just a thought.

If you don't want to offer raw shell access, you could write a pseudo-shell for your clients/users (perhaps even in Perl). Something like KISS, or other menu-driven login. There's no reason users require access to BASH or KORN shells, after all.

3. I don't keep up on what's available, so no comment.

4. You can theoretically expire a cookie on the client side, you can also put a session ID into the cookie and track that, along with a time-limit, on the server side. In a stateless protocol like HTTP you're not going to be able to do a strict timeout, so this would be the next best thing.


Comment on (ichi) Re: secure CGI: books and examples?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://161399]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (6)
As of 2014-07-12 09:34 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    When choosing user names for websites, I prefer to use:








    Results (239 votes), past polls