
CGI application

by Anonymous Monk
on Feb 14, 2011 at 16:49 UTC (#888027=perlquestion)
Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I have two websites. One has a login page with associate IDs. I would like to relay associate IDs through the website without the login page. E.g., if the website with the login page is www.xyz.com: if I want to reach this website through the site without login, when I click the link www.xyz.com, it displays something like www.xyz.com?uid=tom&pwd=uy877. A Perl CGI application can do this, but I'm new to Perl and I don't know where to start from. Could someone point me in the right direction? Thanks

Re: CGI application
by toolic (Chancellor) on Feb 14, 2011 at 16:56 UTC
Re: CGI application
by fidesachates (Monk) on Feb 14, 2011 at 18:01 UTC
    Small tidbit: You probably don't want ?uid=tom&pwd=uy877 to show up in your URL. It's unsafe for many reasons. Don't use GET when you're dealing with sensitive information or changing databases. Use POST.

      From a security point-of-view POST and GET are more or less the same. While it is true that POST doesn't show information via the URL, it exposes the same information as a GET in the actual network communication. Some would say using usr/pwd over http is completely unsafe. If security is an issue you better use https, sufficient for most purposes.

      Cheers

      Harry

        Absolutely true. I hadn't considered man in the middle or arp poisoning type attacks where the intruder will actually see the payload of the packets.

        However, what POST protects against is, for instance, if a website uses a form to reset a password "www.company.com?resetpw=1". Any bored teenager can get unsuspecting users to click a link with that hyperlink embedded and reset that user's password. Obviously there are more dangerous examples than that one, but it is this type of "attack" that POST will prevent in that the action is not present in the URL.
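
The three points raised in this thread (no credentials in the URL, POST for sensitive or state-changing requests, HTTPS for transport), sketched as a server-side guard for a Perl CGI script. This is an added example, not code from any poster; the helper names, the sample requests and the assumption that the web server exports `HTTPS=on` for TLS requests are illustrative.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parameter names taken from the URLs quoted in the thread (assumed sensitive).
my @SENSITIVE = qw(uid pwd resetpw);

# Return the lower-cased, URL-decoded parameter names of a query string.
sub query_param_names {
    my ($qs) = @_;
    my @names;
    for my $pair (split /[&;]/, $qs // '') {
        my ($name) = split /=/, $pair, 2;
        next unless defined $name && length $name;
        $name =~ tr/+/ /;
        $name =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;   # decode %XX escapes
        push @names, lc $name;
    }
    return @names;
}

# Decide whether a request may reach the login / reset handler.
# Takes a hash ref shaped like %ENV; returns (HTTP status, reason).
sub check_request {
    my ($env) = @_;
    # Assumption: the server sets HTTPS=on when the request arrived over TLS.
    return (403, 'HTTPS required') unless lc($env->{HTTPS} // '') eq 'on';
    my %seen   = map { $_ => 1 } query_param_names($env->{QUERY_STRING});
    my @leaked = grep { $seen{$_} } @SENSITIVE;
    return (400, "sensitive parameter in URL: @leaked") if @leaked;
    return (405, 'POST required') unless ($env->{REQUEST_METHOD} // '') eq 'POST';
    return (200, 'ok');
}

# Constructed sample requests (not captured traffic).
my @samples = (
    { HTTPS => 'on', REQUEST_METHOD => 'GET',  QUERY_STRING => 'uid=tom&pwd=uy877' },
    { HTTPS => 'on', REQUEST_METHOD => 'GET',  QUERY_STRING => 'resetpw=1' },
    {                REQUEST_METHOD => 'POST', QUERY_STRING => '' },
    { HTTPS => 'on', REQUEST_METHOD => 'GET',  QUERY_STRING => 'page=home' },
    { HTTPS => 'on', REQUEST_METHOD => 'POST', QUERY_STRING => '' },
);
for my $env (@samples) {
    my ($status, $reason) = check_request($env);
    printf "%-4s https=%-3s ?%-18s -> %d %s\n", $env->{REQUEST_METHOD},
        $env->{HTTPS} // 'off', $env->{QUERY_STRING}, $status, $reason;
}
```

In a real script, `check_request(\%ENV)` would run before any parameter is read, and the script would emit the returned status instead of processing the form.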
