Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister

Answer: Login and CGI security problem.

by httptech (Chaplain)
on May 12, 2000 at 15:23 UTC ( #11262=categorized answer: print w/replies, xml ) Need Help??

Q&A > CGI programming > Login and CGI security ("open cookie jar") problem. - Answer contributed by httptech

It sounds like you're talking about the IE "open cookie jar" bug. If you're using IE, this could happen to you I suppose. It's definitely not a good thing to store usernames and passwords in cookies, but a lot of sites do it anyway.

The way I handle this problem is by using Apache's built in authentication modules. There's no information a hostile site could get from your browser (well, I don't know, IE seems to like to save passwords).

Anyway, the nice thing about letting Apache do the authentication step for you is that your scripts can just concentrate on the task at hand, instead of worrying about any holes you might have left in your authentication method. All you have to do is retrieve the $ENV{'REMOTE_USER'} variable and you can be pretty sure that's who you're dealing with.

  • Comment on Answer: Login and CGI security problem.
Log In?

What's my password?
Create A New User
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (5)
As of 2018-06-21 11:27 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (118 votes). Check out past polls.