Nov 6, 2001, 10:16 AM
Post #3 of 5
Well, there is one problem with a CGI application.
You probably know it, but I tell it anyway to explain anything below this BLOCK of text.
a. user requests GET script.cgi?show=login
The webserver executes the cgi script, returns the html-page-result to the browser. The connection is closed by the webserver.
b. user fills in the password in the recently received page, requesting POST script.cgi action=login user=(id) password=(password)
The webserver executes the cgi script, prints an HTML page telling you're logged in. The connection is closed again by the webserver.
c. user enters a document, located at script.cgi?show=topic&page=1&topic=1
The browser connects to the webserver, the webserver executes the cgi script, returns the html page, and the connection is closed again.
That's the case with CGI programs
Do you see the (little) problem here?
An HTTP connection is created every time you request a page.
- How does the webserver know the one connecting is still the same guy??
- How Do I know it's you, logged in with user/pass?
- Why should it believe the member is logged in when the browser only supplies the member-id cookie? Anyone can do that, and that means we don't have to log in and validate via our system.
Anyway, if you login as administrator, the cgi script validates your login/password at every request, so it really knows it is still the admin.
That's why I am using cookies.
If you have an alternative, I would be very happy. I don't want to see the password in the address bar, so I use a cookie. What kind of approach you choose, the browser has to supply 'something' every time it connects to the browser.
What's on with the crypt() function? I thought you couldn't decrypt it (perldoc said so). You really need to run a program testing all possible combinations of a password + crypting-key, then testing whether the result is the same as stored in the .mbr file.
You recommend the Digest::SHA1 module. Can I simply put it in a folder (at my webserver), and point to that folder with a use lib 'foldername' code?? I can't install the module at the webserver of course.
Yet an Other Perl Programmer
Find out more about programming
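An added example, not part of the original post or the script under discussion: one way to give the browser "something" to send on every request without putting the password in a cookie. The password is checked once at login, and the script then issues a token tied to the member id, with an expiry and an HMAC the server can verify on each later request. It assumes the core Digest::SHA module rather than the Digest::SHA1 module named in the thread; the secret, the lifetime and the sub names are hypothetical.

```perl
#!/usr/bin/perl
# Added example: signed, expiring session token for a stateless CGI script.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);   # assumption: Digest::SHA is available

# Assumption: the secret lives only on the server (read it from a file
# outside the web root in real use). This value is constructed for the demo.
my $SECRET = 'constructed-demo-secret-change-me';
my $TTL    = 1800;                     # hypothetical session lifetime, seconds

# Called once, after the login form's password has been verified.
sub issue_token {
    my ($member_id, $now) = @_;
    my $payload = $member_id . ':' . ($now + $TTL);
    return $payload . ':' . hmac_sha256_hex($payload, $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Called on every request with the cookie value.
# Returns the member id if the token is authentic and unexpired, else undef.
sub check_token {
    my ($token, $now) = @_;
    return undef unless defined $token
        && $token =~ /\A([A-Za-z0-9_]+):(\d+):([0-9a-f]{64})\z/;
    my ($member_id, $expires, $mac) = ($1, $2, $3);
    my $expected = hmac_sha256_hex("$member_id:$expires", $SECRET);
    return undef unless same_string($mac, $expected);
    return undef if $now > $expires;
    return $member_id;
}

# Constructed demo values.
my $t0    = 1_000_000_000;
my $token = issue_token('admin', $t0);
(my $forged = $token) =~ s/\Aadmin/guest/;   # member id edited, MAC unchanged

printf "valid:   %s\n", check_token($token,  $t0 + 60)       // 'rejected';
printf "forged:  %s\n", check_token($forged, $t0 + 60)       // 'rejected';
printf "expired: %s\n", check_token($token,  $t0 + $TTL + 1) // 'rejected';
```

A bare member-id cookie can be typed in by anyone; this token cannot be produced without the server's secret, and a copied one stops working when it expires.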