Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

(ichi) Re: secure CGI: books and examples?

by ichimunki (Priest)
on Apr 23, 2002 at 19:09 UTC ( #161399=note: print w/replies, xml ) Need Help??

in reply to secure CGI: books and examples?

1 & 2. Why not use GET and POST over https? For a non-web-based solution (assuming the server is Unix/Linux), you might use scp (part of ssh)? ssh clients are easy to come by, and since the admin process is normal user management it might be easier than trying to web-fronted all that stuff (especially from scratch). The ssh tools are in widespread use too, so that gets to your "bulletproof" point. Just a thought.

If you don't want to offer raw shell access, you could write a pseudo-shell for your clients/users (perhaps even in Perl). Something like KISS, or other menu-driven login. There's no reason users require access to BASH or KORN shells, after all.

3. I don't keep up on what's available, so no comment.

4. You can theoretically expire a cookie on the client side, you can also put a session ID into the cookie and track that, along with a time-limit, on the server side. In a stateless protocol like HTTP you're not going to be able to do a strict timeout, so this would be the next best thing.

  • Comment on (ichi) Re: secure CGI: books and examples?

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://161399]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (6)
As of 2018-04-23 10:16 GMT
Find Nodes?
    Voting Booth?