CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Beginner:
Forum

 



Pro_4
User

May 24, 2001, 2:43 PM

Post #1 of 5 (511 views)
Forum Can't Post

Hey,
I was just wondering, I am creating my own forum for my page and i was wondering when members sign up you make a datafile on them with their password and another other user info. I tested with the datafile with a extension of .txt and then i realized if they viewed that folder and clicked on it they could view the users password. So what is the recommend file extension for protected information and is there any difference in setup of that file extension , as in when i changed the file extension to .dat it couldnt read it and when i checked it it had a black square where there was supposed to be a new line.

Thanks :)


People Engrossed by a Reliable Language


freddo
User

May 24, 2001, 3:21 PM

Post #2 of 5 (509 views)
Re: Forum [In reply to] Can't Post

Hi Pro_4,

You can:
1) put the file in a directory not accessible thru your web server
2) modify an .htaccess file so nobody can access to your dir
3) name that file kjlsdfgjk.jhdj (hard to guess, no?)

I recommand you check Fravia'site about cgi cracking. And this article, and you'like this one too.

freddo

;---
Real programmers´butcher dont understand when they just ask for 3735928559.


randor
User

May 24, 2001, 4:44 PM

Post #3 of 5 (504 views)
Re: Forum [In reply to] Can't Post

freddo has good points, but to add to his statement,

my advise is ALWAYS put any data files in your cgi-bin. use this as the rule.. even though the info may seem useless, you never know when you might accidently put the national security at risk by placing something mundane in your public html folder and some kid goes in and starts World War III with it..

just a bit of advise...

Randor



freddo
User

May 24, 2001, 4:54 PM

Post #4 of 5 (503 views)
Re: Forum [In reply to] Can't Post

Btw Pro4,

Also consider to store the MD5 hash of the password instead of keeping the pass, so if someone steal the file, he need to guess the pass (not impossible, and quite easy with dictionnary attacks, but it makes things harder).

later
freddo

;---
Real programmers´butcher dont understand when they just ask for 3735928559.


Pro_4
User

May 26, 2001, 8:44 PM

Post #5 of 5 (483 views)
Re: Forum [In reply to] Can't Post

Alright thanks.

BTW you know how when you type the brakets around smile you get a smilie face. Is this the code that would work to do that?
#lets say $post is the information in the post
#i had to take out the brackets for you to see #what i am talking about
$post =~ s/smile/<img src="smile.gif">/g;
print $post;

I think that would work but i am not sure if that is the correct method.

People Engrossed by a Reliable Language

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives