PerlMonks  

I really appreciate all the advice I've been given. Not sure what the proper way is to respond to so many people all at once so I'll just try this. If it doesn't fly, I'd like a pointer on the right way ;)



I temporarily installed and ran PerlDiver to see what modules I have available to me. I have MD5 but not SHA1. I guess I'll have to dig in and get that installed. Currently, there's a bug (not written by me :p) that actually allows registered users no password for their login! Needless to say, I was kind of surprised at this design choice, but oh well. There's a second ID hash in the cookie that ties the user in with the ID, but it isn't actually used to validate users the same way a login/password does. That's going to get fixed ASAP. At this moment, I don't really care if I implement MD5, install SHA1 then switch over. Registration is going to require a valid eMail and new passwords can easily be sent out. Which brings me to my next point, the thought of decrypting passwords and sending them out if people forget never actually occurred to me. But as I think about it, it's probably best to go with one-way hashes and send out new passwords to valid eMail accounts anyway.
Unfortunately, I still haven't figured out how to create a secured SSL connection to the site. But I figure it's only a matter of time, a lot of searches, and reading before I come across the answer. If only I can stay focused and not be distracted so easily. Hey, look what I found on eBay!



Actually the script will likely be running as the web server default user so anyone that hacks the server via a badly coded CGI will have access to that dir.
Sadly, I don't have any books on that topic. Or rather, they cover CGI security rather vaguely. What constitutes a badly written CGI and how might I find out? I've usually written things that are used internally where the source code is open (i.e. not mine) and never released to the public. So software security was a topic that never really came up. Is there a decent site or book that you recommend I can study up on this? I'll do a search on Perl Monks to see what bubbles up. Thanks for bringing that to my mind, I would've forgotten during the data conversion. Actually, to tell the truth, I did forget. :-\



Thanks for all the suggestions and heads up. It seems I forgot more than a thing or two about things I should've been thinking about. Well... that's what's so great about Perl Monks. That and all those brains I can poke at.

Is it fair to stick a link to my site here?

Thanks for your patience.


In reply to Re: Ecrypting passwords by SavannahLion
in thread Ecrypting passwords by SavannahLion
