Thread: security

    #1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Location
    brussels
    Posts
    7
    Rep Power
    0
    hi everyone,

    I am using perl and mysql and since one month searching for a security script to secure my page.
    What I need is I have to call a script(I have written the connection to mysql part but I can not send the result to http://myname.com/cgi-bin/myname.cgi...variable2&.... ) with a ID and it has to look the ID in my database, get the results and then send it to another cgi like: http://myname.com/cgi-bin/myname.cgi...variable2&....
    This is to prevent people seeing my source code so they can not change my data sending to the script.
    Could anyone help me with this topic.
    Thank in advance...

    ------------------
  2. #2
  3. No Profile Picture
    ledjon
    Guest
    Devshed Newbie (0 - 499 posts)
    I don't quite understand what your asking here. If this is data being sent from a form, use the POST method. Other than that, I don't understand.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Posts
    35
    Rep Power
    15
    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by mashadi:
    What I need is I have to call a script(I have written the connection to mysql part but I can not send the result to http://myname.com/cgi-bin/myname.cgi...variable2&.... ) with a ID and it has to look the ID in my database, get the results and then send it to another cgi like: http://myname.com/cgi-bin/myname.cgi...variable2&....
    [/quote]
    What it sounds like you need to do is consolidate your code into a single page, make a call to the database to retrieve the id then feed it into a second stage (what you currently have as the second cgi).
    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>This is to prevent people seeing my source code so they can not change my data sending to the script.
    [/quote]
    Umm... not quite sure what you mean here, but as long as the permissons the file are set right and the webserver is configure properly people can't read your script, they only get the output. If you don't want them to see particular variable values then you need to build sessions so they get a cookie with an ID and you store the variables server side.

    HTH
    Marty


    [This message has been edited by supine (edited July 24, 2000).]

IMN logo majestic logo threadwatch logo seochat tools logo