CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
Search Posts SEARCH
Who's Online WHO'S
Log in LOG

Home: Perl Programming Help: Intermediate:
getting past .htaccess



Aug 12, 2000, 8:18 AM

Post #1 of 1 (594 views)
getting past .htaccess Can't Post

Hello. All comments on the security of the following system would be greatly appreciated. In particular, could .htaccess be avoided using FTP or something?

(As far as I know only the user (me) has FTP and telnet access to the server, but if anonymous FTP was allowed would .htaccess eb useless against it?)

I have protected a directory on my site using .htaccess.

The index page of the main site has a login form. On submission the password is crypt()ed and if the username/password pair has a match in my passwords file (kept in the .htaccess directory) then a cookie is set with a random number in it (13 digits). The same random number is written into a session file for the user inside the .htaccess directory.

Another script will, if the value of the cookie matches that in the session file, read the contents of a file in the protected directory and send it out to the browser.

The file reading script will only accept letters, numbers, the underscore, a single slash, and a single dot as characters for a valid path, and the script constructs an absolute path to the file.


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives