|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Get inside! Sample the range of functionality easily built with JMSL Library for Time Series Data Analysis, Heat Maps, Portfolio Optimization, Monte Carlo Simulation, Stock Price Charting and more. Download Now! |
|
#1
February 20th, 2001, 10:23 AM
|
|||
|
|||
Is there a way to have a cgi/perl script perform authentication itself, rather than have access dictated by the web server/OS?
For example, let's say you have a page called "what.pl" - and when accessed, a normal webpage is output to you. when you append "?edit" to the url (what.pl?edit) you are presented with a form to edit certain text areas that appear on the webpage output by 'what.pl'. The idea is editable SSI's pretty much. So, what I need to do is authenticate access to the edit part of this script - so, that when a user types in '?edit' - they are asked for a username/password before being allowed to edit the page. This script is running on a win2000/IIS server. any and all help appreciated. cheers, josh
|
|
#2
February 20th, 2001, 10:34 AM
|
||||
|
||||
I think the easiest way to approach this, is when they are presented with this "edit" page, that you include a "username and password" field in the edit form. So they must authenticate before being allowed to process the edited information. If they do not have access to this edit page, the script will not allow the process to proceed.
 Is this what your trying to do ?? Mickalo
__________________
Thunder Rain Internet Publishing Custom Programming & Database development Providing Personal/Business Internet Solutions that work!
|
|
#3
February 20th, 2001, 10:45 AM
|
|||
|
|||
sounds right!
sounds like this is what will work... thanks Mickalo!
the one question I have with this approach is, are there any security concerns in doing authentication this way? I have done some looking around and in the tutorials/etc. I have seen, people appear to frown on doing authentication within CGI scripts. However, other than avoiding the simple pitfalls of not using the GET method, and not using cookies - are you aware of what else would weaken this approach? thanks again, josh -thanks for the speedy reply too
|
|
#4
February 20th, 2001, 10:56 AM
|
||||
|
||||
|
It all depends on how your retrieving the access information and from where(how it's stored on the server). And how sensitive is the material that is presented to them, would also determine the best approach for handling the security issues.
If they must enter their access information into this edit form, before processing, the method used would POST, and not GET. Also what programming are using to handle the process? Many issues to consider before really jumping into it. Another approach is to set up some sort of pre-registration to assign the access information and checking, prior to approving and sending out access information, is to first verfiy who they are! There many "Checks & Balances" that can utilized with this.Mickalo
|
|
| Viewing: Dev Shed Forums > Programming Languages > Perl Programming > cgi/perl authentication |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
