Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much

Re: Re: Re: Re: CGI Security

by ant (Scribe)
on Jun 22, 2001 at 19:34 UTC ( #90758=note: print w/replies, xml ) Need Help??

in reply to Re: Re: Re: CGI Security
in thread CGI Security

Hi Mirod
Thanks for the brief explanation. It's cleared up a misty
point or two. Just a thought on the last paragraph really
if a legal user came in to the directory through .htaccess,
then they could enter someone elses username into the web page
and submit that file, which makes .htaccess a little useless
against legal users playing around with user names.
Unfortunately user names are very easy to pick up through
our organisation, as they are the same as the individual email name.
I think the one way forward is to create a timestamp/username
variable and enter that into a table/file when the user enters the
system and to remove it after the person has left. Then
when a person enters a web page, we take the user variable
and check it against the user variable in the table/file.
That seems like a more workable solution to me
Many thanks for the info.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://90758]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (5)
As of 2023-09-28 17:17 GMT
Find Nodes?
    Voting Booth?

    No recent polls found