Re: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file

There are many problems with what you are doing, but the worst is working with plain text passwords. Never, ever, for any reason store plain text passwords, especially paired with user names!

A fairly light weight technique that is much more secure and needs very little extra work is to store a cryptographic hash of the password combined with a seed (often the user name can be used as the seed). To check a supplied password use the same hash process that was used to generate the hash originally then compare the two hash codes.

use strict;
use warnings;
use Digest::MD5;

print Digest::MD5::md5_hex("username" . "SamplePassword");
[download]

Prints:

c0075ad4e26ec3dee225ccb6387b0b77
[download]

Optimising for fewest key strokes only makes sense transmitting to Pluto or beyond

Comment on Re: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file Select or Download Code

Replies are listed 'Best First'.
Re^2: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file by theravadamonk (Scribe) on Sep 26, 2018 at 10:17 UTC
Hi Grandfather, Thanks for your effort. I want to understand what you say since it is beneficial for me What do you actually say? I included encrypted password in /tmp/password.txt file in following way. `username,c0075ad4e26ec3dee225ccb6387b0b77` [download] Then, I input USERNAME as username and PASSWORD as SamplePassword. But, It won't work. Why? But, IF I input USERNAME as username and PASSWORD as c0075ad4e26ec3dee225ccb6387b0b77 , it will work.. Is it the way? > To check a supplied password use the same hash process that was used to generate the hash originally then compare the two hash codes. How can I do it? Pls help me to complete the code with security.	[reply] [d/l]
Re^3: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file by marto (Cardinal) on Sep 26, 2018 at 10:31 UTC
"Then, I input USERNAME as username and PASSWORD as SamplePassword. But, It won't work. Why?" Because you're comparing 'SamplePassword' against 'c0075ad4e26ec3dee225ccb6387b0b77', which isn't the same string. "How can I do it? Pls help me to complete the code with security" Grandfather explains that you have to do the same process with the user supplied password as you did you generate the password, compare the resulting value against the one you have stored.	[reply]
Re^4: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file by theravadamonk (Scribe) on Sep 26, 2018 at 11:00 UTC
Hi Marto Thanks for coming back. you have helped me many times. > Grandfather explains that you have to do the same process with the user supplied password as you did you generate the password, compare the resulting value against the one you have stored." what's this same process? It's Still a nightmare to me. This is the code `print Digest::MD5::md5_hex("username" . "SamplePassword");` [download] how to write the other way? I think this is NOT the way. `print Digest::MD5::md5_hex("username" . "c0075ad4e26ec3dee225ccb6387b0 +b77") ."\n";` [download] hope to hear from all	[reply] [d/l] [select]
Re^5: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file by marto (Cardinal) on Sep 26, 2018 at 11:13 UTC
Re^6: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file by theravadamonk (Scribe) on Sep 27, 2018 at 05:09 UTC
Some notes below your chosen depth have not been shown here
Re^5: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file by hippo (Bishop) on Sep 26, 2018 at 11:23 UTC


Welcome to the Monastery
	PerlMonks