I may be missing the boat on this one, but how are you submitting input to your cgi?

As a matter of philosophy, if you have the option, always use POST instead of GET. I believe POST doesn't show parameters in the 'Address' bar or the logs (not good if you are submitting passwords as parameters).

On a side note, if this is a public server, you may want to change the name to 'entrance.cgi' or something similar. We have had plenty of instances where a script kiddie scans our servers for anything beginning with login (login.cgi, login.pl, login.cfm). This is a precursor to attack, and can be a possible headache. You should take the temptation away and rename it something benign.

if you have any other questions, /msg me and we can talk about it.

J. J. Horner

Linux, Perl, Apache, Stronghold, Unix

jhorner@knoxlug.org http://www.knoxlug.org