Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much

Re^2: Basics: CGI MySQL security

by jfrm (Monk)
on Oct 12, 2006 at 21:28 UTC ( #577988=note: print w/replies, xml ) Need Help??

in reply to Re: Basics: CGI MySQL security
in thread Basics: CGI MySQL security

This is very helpful thanks. You see I didn't even know about this REMOTE_USER env var but now you've mentioned it, this gave me something to home in on.

I have now managed to find several pages of the sort that I needed to read, giving me the basics. In particular, for the record, this page is excellent.

So the answer seems to be that the choices are either to authenticate using basic http authentication or via cookies. Cookies means doing some of the authentication work myself and from my perspective is therefore to be avoided. http has some pitfalls but they can be worked around. Having authenticated, I can use the REMOTE_USER variable in my script and using the ideas of mapping to roles above can then get my scripts to display different things according to the role being used.

That is good enough for the basic effort I have in mind but of course I will also take note of the advice given above on SQL injection and user paranoia.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://577988]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (3)
As of 2022-05-25 04:56 GMT
Find Nodes?
    Voting Booth?
    Do you prefer to work remotely?

    Results (84 votes). Check out past polls.