PerlMonks

Re: CGI security
by wolfi (Scribe) on Mar 12, 2004 at 18:11 UTC

i have to concur w/the other two posters - if they're in a 'secure' area of your site - ya gotta go w/cookies.

some other thoughts re: cgi-security -

1) cgi-bin shouldn't be in your document-root (this'll deter ppl browsing to it, like you said was happening)

2) change your request method in your script and form to POST. GET requests come appended to a query_string and in basically plain text (anyone lookin' over your visitor's shoulder could read their password in the link) - whereas POST requests come url-encoded via standard-input (STDIN). Also - POST requests aren't cached - which'll deter someone from using the back-button to access those files again. (If someone new were to hop onto the pc.)

i'd also consider lookin' into some encryption (ssl, pgp or even crypt() w/generating or comparing passwords), if the visitor's info is sensitive (financial-related, etc). Ya don't want anyone stealing your customers' info - bad business.

Just some thoughts ;-)

ps: ty swngnmonk - i actually needed a couple of those docs ya posted :-)
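
A sketch of the handling described in the post above, added here as an example and not code from the post or the thread: a core-Perl CGI login handler that refuses credentials sent via GET, reads the POST body from STDIN, checks the password with crypt(), and sets a cookie. The field names `user` and `pass`, the cookie name `sid`, the user `alice` and the use of `/dev/urandom` are assumptions; storing the session server-side is left out.

```perl
#!/usr/bin/perl
# Added example (not from the original post): POST-only login check in plain CGI.
use strict;
use warnings;

# Constructed sample store: user => crypt() hash of "s3cret".
# The 2-character salt is the traditional format; what crypt(3) accepts is platform-dependent.
my %users = (alice => crypt('s3cret', 'ab'));

# Decode application/x-www-form-urlencoded data into a hash.
sub parse_form {
    my ($raw) = @_;
    my %f;
    for my $pair (split /[&;]/, $raw) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $v = '' unless defined $v;
        for ($k, $v) { tr/+/ /; s/%([0-9A-Fa-f]{2})/chr hex $1/ge }
        $f{$k} = $v;
    }
    return %f;
}

# Emit a CGI response and stop.
sub respond {
    my ($status, $body, @headers) = @_;
    print "Status: $status\r\n", "Content-Type: text/plain\r\n";
    print "$_\r\n" for @headers;
    print "\r\n$body\n";
    exit;
}

# A password in a GET query string shows up in the link itself, so accept POST only.
respond('405 Method Not Allowed', 'Use POST', 'Allow: POST')
    unless ($ENV{REQUEST_METHOD} || '') eq 'POST';

# POST data arrives url-encoded on STDIN; CONTENT_LENGTH says how much to read.
my $len = ($ENV{CONTENT_LENGTH} || '') =~ /^(\d+)$/ ? $1 : 0;
respond('413 Payload Too Large', 'Body too large') if $len > 4096;
my $body = '';
read(STDIN, $body, $len) if $len;
my %form = parse_form($body);

my ($user, $pass) = map { defined $_ ? $_ : '' } @form{qw(user pass)};
my $hash = $users{$user};
# Using the stored hash as the salt makes crypt() reproduce it for the right password.
if (defined $hash && crypt($pass, $hash) eq $hash) {
    my $buf;
    open(my $r, '<:raw', '/dev/urandom') && read($r, $buf, 16) == 16
        or respond('500 Internal Server Error', 'No entropy source');
    my $sid = unpack 'H*', $buf;    # random session id; Secure limits it to SSL
    respond('200 OK', 'Logged in', "Set-Cookie: sid=$sid; Path=/; Secure; HttpOnly");
}
respond('401 Unauthorized', 'Bad credentials');
```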