comment on

This is very helpful thanks. You see I didn't even know about this REMOTE_USER env var but now you've mentioned it, this gave me something to home in on.

I have now managed to find several pages of the sort that I needed to read, giving me the basics. In particular, for the record, this page is excellent.

So the answer seems to be that the choices are either to authenticate using basic http authentication or via cookies. Cookies means doing some of the authentication work myself and from my perspective is therefore to be avoided. http has some pitfalls but they can be worked around. Having authenticated, I can use the REMOTE_USER variable in my script and using the ideas of mapping to roles above can then get my scripts to display different things according to the role being used.

That is good enough for the basic effort I have in mind but of course I will also take note of the advice given above on SQL injection and user paranoia.

In reply to Re^2: Basics: CGI MySQL security by jfrm
in thread Basics: CGI MySQL security by jfrm

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Think about Loose Coupling
	PerlMonks