Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

comment on
( [id://3333]=superdoc: print w/replies, xml ) Need Help??

There are actually three distinct and unrelated(!) issues here:

  • Persistence:   This is actually the only thing that “sessions” do. By themselves, sessions know how to retrieve and store a vector of state-information, given a session-ID key, but do not validate the correctness of that key.
  • Authentication:   Determining, to your satisfaction, that the user actually is who he claims to be.
  • Authorization:   Given that you have determined that the user actually is who he claims to be, what can the user do?

Many web sites make the serious error of confusing “knowledge of a currently-valid (or even just properly formatted...) session-ID” with “being the properly-authenticated legitimate owner of that session-ID.” They also honor valid-looking GET-request URIs without first verifying that the claimed presenter of such a URI is in fact currently logged-in. It is painfully obvious that the owners and designers of such sites never stopped to “talk like a pirate... arrrrr!!!”

They never stopped to consider: “what if the person submitting an HTTP-request to my site was intentionally and willfully attempting to commit a felony?

In reply to Re: web authentication 2008 by sundialsvc4
in thread web authentication 2008 by cutlass2006

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":


  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others taking refuge in the Monastery: (5)
As of 2024-04-18 04:54 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found