Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

Re: CGI Session 'security' for in-house app.

by arashi (Priest)
on Jul 06, 2001 at 00:29 UTC ( #94259=note: print w/ replies, xml ) Need Help??


in reply to CGI Session 'security' for in-house app.

I asked a similar question a while back. There were many great responses, I found one of merlyn's columns (Web Techniques Column 61 - May 2001) in his The Web Techniques Perl Columns to be very helpful.

I think you're on the right track. Here's what I think would be a good approach to the problem:

  • Users login to the system.
  • The system validates the user's name and password and assigns a session key into a cookie and a log file. (see merlyn's column)
  • Every time the user goes to a page, the CGI checks the cookie and compares it to the log file, if the user is valid, it will render the page. If the user doesn't validate, the form won't even render for them. This should stop any wandering users for "accidentally" finding a form and submitting data to it.
Hope this helps.

Arashi

I'm sure Edison turned himself a lot of colors before he invented the lightbulb. - H.S.


Comment on Re: CGI Session 'security' for in-house app.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://94259]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (8)
As of 2014-09-02 10:56 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite cookbook is:










    Results (21 votes), past polls