Home: Need a Custom or Prewritten Perl Program?: Throw Down The Gauntlet:
Perl Security


Jun 21, 2000, 1:29 PM

Views: 5844
Perl Security

I have an unix based application and I am trying to view the application details through a browser which are coming from the application's backend database.

I have unix level userid and passwords for this application and how do I authenticate the userid and password from the browser to update/add/delete the data in the application. The authentication should hold good for the entire transaction(i.e logging out of the browser).

Thank you in advance


Jun 27, 2000, 12:40 AM

Views: 5844
Re: Perl Security


I use mySQL for all my database needs. I have a session table and a user table.
When some-one logs in I scan the user database and if found I create a random session number.
I then expire cookie and create a new cookie and set it to "user=sessionid", I then log in the database the user and session and time.
Now All I do is call a routine that splits the cookie and searchs the session database for the user and session. If found I then
check if the login in time is not older than 20 mins else he must log in again. This is one way of doing it.

The 2nd is using the .htaccess file. There is a great script at
http://solutionscripts.com/warehouse/access_denied/index.shtml . This should be able to help you.

Jason Peixoto