|
in reply to Security issues
You will most likely get many responses, but I'll speak in generalities and allow the 'elders' in this community to point you to specifics, since I know of only a few.
First off, read the perldoc perlsec - all about security in general in Perl. Next do a super search for ssecurity, and watch the links flow. That's the basics of the reading you'll have to do.
Now for the basic concept. You will need to utilize a database, or a text file that will log when someone has logged in. Every time your script is run, the FIRST thing you do is to check it against who is currently logged in. If someone is logged in, then you ignore the request.
For simplicty sake you can use a simple text file. In that text file store the username that the person logged into as, the IP address and a session ID (there are lots of good ways to do a session ID... MD5 is one way, but again just do a search on Session ID and read awhile.) Each time someone logs into your system, and everytime the script is run, re-verify that all three 'keys' are the same (Session ID, Username, and IP.) This should allow you to ID a user logged in.
Next step, (if you're using a text file) would be FLOCK. Lock the file until the person logs out, or until a certain amount of time has elapsed... just incase they don't logout, or have a crash etc.
Hopefully this will get you thinking along the right track. I also expect to have many people give you differing opinions, so pick the best from all of our responses and good luck!
- Mission
"Heck I don't know how to do it either, but do you think that's going to stop me?!!"
|
