
Re^2: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file

by theravadamonk (Scribe)
on Sep 28, 2018 at 08:08 UTC (#1223208)


in reply to Re: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file
in thread with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file

"storing your passwords.txt in /tmp isn't wise"

I move it to /etc/httpd/password.txt

"You don't set a session"

How to set a session? Please guide me. I will add it.

"see CGI::Alternatives."

What can I get from it to enhance the code?

I am running Apache with http. If I run it with HTTPS and a self-signed certificate, will it be better?

I am also trying to add an "onclick" function to my login.html file below to give an error message if wrong inputs were entered. I am currently having them in the login.cgi code. Which way is better?

<INPUT TYPE = "SUBMIT" VALUE = "Enter">

I am some miles away from completing a nice and secure code..

I hope perl monks will come up with their views..


Replies are listed 'Best First'.
Re^3: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file
by marto (Cardinal) on Sep 28, 2018 at 12:13 UTC

    "I move it to /etc/httpd/password.txt"

    Also consider permissions, who else can get access to this file? I tend to keep this sort of thing in a database.

    "What can I get from it to enhance the code?"

    Well it contains a lot of advice which you shouldn't ignore, examples of sane ways to approach such problems in modern frameworks. Developing secure web applications isn't easy. What you have right now is a splash page redirecting those with a valid username and password to another page, which has no authentication on it whatsoever, nothing to stop anyone emailing the URL to someone else, who would be able to see it without any login details.

    CGI::Alternatives suggests other ways to achieve what you're actually trying to do, which will make your life easy if you take the time to learn the basics of what you're doing, rather than trying to implement something where security is "a MUST" without understanding such things. One of those is Mojolicious, which has fantastic documentation, you should pay special attention to the Basics. Tutorial gets you started. Growing goes on to show (wait for it) an example of how to implement an application which requires users to login. Finally HTTPS, for sure, https://letsencrypt.org/ may be of interest.

    This requires you to invest time in yourself, learning how to achieve what you want and what the tools available to you do. Modern frameworks make life easier. It's not the mid 1990s anymore (thankfully).

    Update: Fixed some typos.
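
The gap described in the reply above (a login page that redirects to a page with no check of its own) closes once the protected route itself inspects the session. The following Mojolicious::Lite application is an added example, not code from this thread or from the Mojolicious guides; the `%USERS` table, the route names and the secret are constructed placeholders.

```perl
use Mojolicious::Lite;
use Mojo::Util qw(secure_compare);

# Constructed sample accounts standing in for the password.txt lookup.
# Plaintext only to keep the example short; store salted hashes in practice.
my %USERS = (alice => 'correct horse', bob => 'battery staple');

app->secrets(['PLACEHOLDER-replace-with-random-secret']);  # signs the session cookie
app->sessions->secure(1);  # cookie is only sent over HTTPS, so serve the app via TLS

sub valid_login {
    my ($user, $pass) = @_;
    return 0 unless defined $user && defined $pass && exists $USERS{$user};
    return secure_compare($pass, $USERS{$user});  # constant-time comparison
}

get '/login' => sub { shift->render(template => 'login') };

post '/login' => sub {
    my $c    = shift;
    my $user = $c->param('user');
    if (valid_login($user, $c->param('pass'))) {
        $c->session(user => $user);  # signed cookie records who logged in
        return $c->redirect_to('/members');
    }
    # Server-side error message; works with JavaScript disabled.
    $c->render(template => 'login', error => 'Wrong username or password', status => 401);
};

# Every route declared below runs this check first, so a copied URL
# opened without a valid session is sent back to the login form.
under sub {
    my $c = shift;
    return 1 if $c->session('user');
    $c->redirect_to('/login');
    return undef;
};

get '/members' => sub {
    my $c = shift;
    $c->render(text => 'Welcome, ' . $c->session('user'), format => 'txt');
};

app->start;
__DATA__
@@ login.html.ep
<p><%= stash('error') // '' %></p>
<form method="post" action="/login">
  <input name="user" required> <input name="pass" type="password" required>
  <input type="submit" value="Enter">
</form>
```

The `required` attributes give the front-end check, while the 401 branch in the POST handler is the back-end check that still applies when the browser-side one is bypassed.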

Re^3: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file
by hippo (Bishop) on Sep 28, 2018 at 08:56 UTC
    I am running Apache with http. If I run it with HTTPS and a self-signed certificate, will it be better?

    Yes it will because then your users' passwords will not be sent over the wire in the clear for any malefactor to read. It would be better still if your certificate were not self-signed.

    I am also trying to add an "onclick" function to my login.html file below to give an error message if wrong inputs were entered. I am currently having them in the login.cgi code. Which way is better?

    Both is better. Having it on the front-end prevents unnecessary round trips. Having it on the back-end too allows handling for those with javascript disabled.

    Note that neither of these questions have much to do with Perl. You might benefit from reading up on the general basics of web server (and web application) security first.
