|Do you know where your variables are?|
Basics: CGI MySQL securityby jfrm (Monk)
|on Oct 08, 2006 at 22:58 UTC||Need Help??|
jfrm has asked for the wisdom of the Perl Monks concerning the following question:
I have a website that allows viewing and modifying of a MySQL database using PERL CGI scripts and I haven't a clue how to do the security.
People who don't log in should only be able to see limited parts of the data. Others should be able to login and view all parts of the data. Trusted people should be able to login and modify the data.
This is basic stuff and obviously my PERL scripts have to be involved as they must know the identity of the user in order to allow the correct access and show the appropriate forms. But is the identity given to them via .htaccess basic website security, MySQLs own user/password security or perhaps I should ignore both those and write all the user/password stuff within the scripts? Or maybe there is a 4th option I don't know about?
There must be tutorials and guides available on the Internet - but I must be searching using the wrong keywords because I can't find any straightforward instructions giving best practice.
Either advice or a pointer to a website explaining the best approach would be very much appreciated...