I don't want to turn this node into a discussion on web security but...
Here's my setup:
- Password is stored encrypted using the crypt function with a random key in a file on the server outside of the public-viewing.
- User enters pass in a form.
- Password is sent to the server in plaintext (not good).
- Server encrypts the user's entered password and makes sure it matches the one in the file.
- Server sends cookie to browser that contains encrypted password.
- Each time the user wants to go to a different part of the admin, the server checks the password in the cookie to make sure it's correct.
I know this doesn't sound very secure, so I'll look into some of the other methods discussed.
Never fear, these things become second-nature after you work with the Web for a while :)
I'm kind of seeing that...I've come far since I started doing CGI, but I know I have a lot more to learn.
Joshua
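
An added example, not part of the original post: the cookie check from the setup above, next to a variant where the cookie holds a random server-side session token that expires. PBKDF2 stands in for the `crypt` call, and all names, the sample password and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SALT = secrets.token_bytes(16)  # constructed stand-in for the post's "random key"

def hash_password(password, salt=SALT):
    # PBKDF2 is swapped in here for the crypt() call the post describes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

# Constructed stand-in for the password file kept outside the web root.
STORED_HASH = hash_password("correct horse")

# --- Flow as described in the post: the cookie carries the password hash ---
def login_hash_cookie(password):
    h = hash_password(password)
    return h if hmac.compare_digest(h, STORED_HASH) else None

def check_hash_cookie(cookie):
    # The cookie value is the same on every login and stays valid until the
    # password changes, so the server cannot expire or revoke it.
    return hmac.compare_digest(cookie, STORED_HASH)

# --- Variant: the cookie carries a random token the server can forget ---
SESSIONS = {}        # token -> expiry time (in-memory store, an assumption)
SESSION_TTL = 900    # seconds; assumed lifetime

def login_session(password, now=None):
    now = time.time() if now is None else now
    if not hmac.compare_digest(hash_password(password), STORED_HASH):
        return None
    token = secrets.token_urlsafe(32)   # unrelated to the password
    SESSIONS[token] = now + SESSION_TTL
    return token

def check_session(token, now=None):
    now = time.time() if now is None else now
    expiry = SESSIONS.get(token)
    if expiry is None or now >= expiry:
        SESSIONS.pop(token, None)       # drop expired or unknown tokens
        return False
    return True

def logout(token):
    SESSIONS.pop(token, None)           # server-side revocation
```

The token cookie should still be sent only over HTTPS with the `Secure` and `HttpOnly` attributes, since the form itself submits the password in plaintext.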