http://qs321.pair.com?node_id=67778


in reply to CGI Password

I'm definitely no security expert myself.. but a suggestion in addition to using crypt might be..

to use SSL to encrypt the password transfer from browser to webserver.. although not essential for a home/family setup, I can't imagine most business-related sites not offering that option.. HTTP sends everything in plain text, so anyone with a sniffer can simply lift your password off the wire, as it were....

this is one of the places to start, if you want to see a real implementation, a bit dated, but still holds true for lots of sites, I think.. also read "A guide to web authentication alternatives", given in the references section...
HTH

Re^2: CGI Password
by worik (Sexton) on Jul 10, 2015 at 00:56 UTC

A quick perusal of the wayback machine shows the new home of A Guide to Web Authentication Alternatives by Jan Wolter. Do please note the dates - this document was written in 1997 and last revised in 2003. While it does give a useful grounding in some of the technologies, don't expect it to reflect the state of the art.