PerlMonks  

SF_form_secure

by SFLEX (Chaplain)
on Oct 23, 2006 at 11:34 UTC (#579995=sourcecode)
Category: Web Stuff
Author/Contact Info SFLEX (sflex@cpan.org)
Description: Module Link, Current version is 4.0:
http://cpan.uwinnipeg.ca/dist/SF_form_secure
Edited 2! 10-29-2006
I changed this post because lots of ppl here must have A.D.D.

Link to Better documentation.
Re: SF_form_secure

More Examples.
SFLEX's scratchpad
I am now working on a 5.0 that will use parts of CGI::Util for the expiration time and fix a bug in action 5 that returns the version if the matching code is blank.
Still trying to put together more documentation for this code so one can use it the right way.

What are you waiting for?
Start using it!
Before that A.D.D. sets in.
Re: SF_form_secure
by gellyfish (Monsignor) on Oct 24, 2006 at 11:31 UTC

    I get nervous when I see HTTP_REFER and (unqualified) security mentioned together.

    Leaving aside the fact that the Referer header is trivially spoofed in a client, many "personal firewalls", proxies and other internet security software will remove or otherwise anonymise the Referer header: the HTTP Specification makes the suggestion that it might be removed.

    Beyond that it's not exactly clear how this might be used.

    /J\

Re: SF_form_secure
by blazar (Canon) on Oct 23, 2006 at 11:59 UTC
    Load the module
    require SF_form_secure;
    -------------------------------------------------------------------------------
    Set page up for self encoding if encoding is missing
    3 - is the action type
    $key - Must Provide a secret key.
    'op=testForm;module=Flex_Form' - to work, must provide a matching self link
    '' - not used for this action
    '' - Minutes code will expire in 1 to 99, blank is off..
    'ip' - use Remote IP in encoding, blank is off.
    my $sec_self = SF_form_secure::x_secure('3', $key, 'op=testForm;module=Flex_Forma', '', '', 'ip');

    [snip]

    First of all... I can see some perl interspersed there, but is this supposed to be Perl code?!? Or am I missing something? Didn't you by any chance lose a whole bunch of comment signs along the way?

Re: SF_form_secure
by SFLEX (Chaplain) on Oct 25, 2006 at 23:29 UTC
    Better info!

    Ahhh... never was good at explaining how my stuff works. Did you look in the example folder?

    Data integrity with expiration for forms, links, cookies or other things.

    Low security will stop url tampering and is nice to search engine ranking
    if you do not use the expire, ip in encoding or a unique key for each user.

    Remember, if a method that prevents others from access to one's link encoding is used,
    it will hurt that page's search engine ranking.

    For some areas of your web portal when using Methods that prevent others from using
    one's links is applied (mainly for Admin and/or Member areas of the site)
    can stop form hijacking and link hijacking which for some web portals can give the
    attacker control over Admin and Member accounts.

    With the new action 4 and 5 one can have full control with when a cookie expires,
    because the cookie expirations are stored in the user's
    browser and can be changed. The expiration encoding and a little extra Perl code can be
    used to replace the cookie's old expiration method to one that will always work.
    These two new actions are also good for securing data in hidden form fields with or
    without the expiration and other settings.

    The Referer check 1 will check the Referer's encoding, which was the last encoded QUERY_STRING,
    if it matches the current QUERY_STRING, has a length of 1024 and if from the QUERY_STRING's domain.
    Matching the Referer can match a Referer of any domain provided.
    Using any of these Referer checks can prevent users from spoofing their referer. Most web masters
    do not check the Referers because many people use referer spoofing and do not want to give it up.
    So if you want to lose members or convince them not to spoof referers on your site, it is up to you.

    When one has mastered this module they will see the many possibilities it has to offer.
    Secures Form: hijacking, url/data tampering and gives control for data to expire.
    Could offer other securities.
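
The integrity-with-expiration idea described in the post above, as an added example that is not SF_form_secure's code or API and not written by anyone in this thread: an HMAC over the expiry, the optional client IP and the query string, with a blank or malformed code always rejected. The function names, key, addresses and timestamp are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example; not SF_form_secure's code or API. Every name is hypothetical.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# MAC over expiry, client IP and data. Expiry and IP never contain "\n",
# so the newline-joined fields cannot be shifted into one another.
sub mac_for {
    my ($key, $exp, $ip, $data) = @_;
    return hmac_sha256_hex(join("\n", $exp, $ip, $data), $key);
}

# Build "expiry-mac". $minutes == 0 turns expiry off; $ip eq '' turns IP binding off.
sub make_code {
    my ($key, $data, $minutes, $ip, $now) = @_;
    my $exp = $minutes ? $now + 60 * $minutes : 0;
    return $exp . '-' . mac_for($key, $exp, $ip, $data);
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Accept only a well-formed, unexpired code whose MAC matches $data and $ip.
sub check_code {
    my ($key, $data, $code, $ip, $now) = @_;
    return 0 unless defined $code && $code =~ /\A(\d+)-([0-9a-f]{64})\z/;  # blank fails here
    my ($exp, $mac) = ($1, $2);
    return 0 if $exp && $now > $exp;   # the expiry is covered by the MAC, so it cannot be edited
    return ct_eq($mac, mac_for($key, $exp, $ip, $data));
}

# Constructed sample values.
my ($key, $qs, $ip, $now) = ('constructed-demo-key', 'op=testForm;module=Flex_Form', '192.0.2.10', 1_161_600_000);
my $code = make_code($key, $qs, 15, $ip, $now);
my @cases = (
    [ 'valid, inside 15 minutes' => check_code($key, $qs, $code, $ip, $now + 60) ],
    [ 'tampered query string'    => check_code($key, 'op=testForm;module=Admin', $code, $ip, $now + 60) ],
    [ 'after expiry'             => check_code($key, $qs, $code, $ip, $now + 16 * 60) ],
    [ 'different client IP'      => check_code($key, $qs, $code, '198.51.100.7', $now + 60) ],
    [ 'blank code'               => check_code($key, $qs, '', $ip, $now + 60) ],
);
printf "%-26s %s\n", $_->[0], $_->[1] ? 'accepted' : 'rejected' for @cases;
```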