Novician has asked for the wisdom of the Perl Monks concerning the following question: ⭐ (cgi programming)
Let's say I login on the browser, and click a few times here and there on the web-server to do stuff. Then, I get distracted and go to a webmail site to retrieve and read my mail without closing the current browser. One of the messages has a link to an "evil" website, having malicious scripts, etc. When I click on the link, information about which websites I had visited before, my IP, etc., will be sent to the "evil" website. Using that data it's able to do malicious stuff on the server I visited last, since I had already logged on before. The "evil" website will be able to send commands to the server as me!
So, my question is.... How do you, webmasters, solve or prevent this problem? Is there a better way than prompting the user for their login ID and password everytime they go to restricted area on the web server, or webpage?
Originally posted as a Categorized Question.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Login and CGI security problem.⭐
by httptech (Chaplain) on May 12, 2000 at 15:23 UTC | |
Re: Login and CGI security problem.
by Anonymous Monk on Apr 04, 2003 at 09:17 UTC | |
Re: Login and CGI security problem.
by turnstep (Parson) on May 12, 2000 at 19:42 UTC | |
Re: Login and CGI security problem.
by chromatic (Archbishop) on May 12, 2000 at 20:51 UTC | |
Re: Login and CGI security problem.
by DarkSniper (Initiate) on Feb 17, 2003 at 12:30 UTC | |
Re: Login and CGI security problem.
by DarkSniper (Initiate) on Feb 17, 2003 at 11:40 UTC | |
A reply falls below the community's threshold of quality. You may see it by logging in. |
Back to
Seekers of Perl Wisdom