password protecting directories

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I can create a basic password script without a problem but I want to add a little twist to it. I want each user to have a $user, $pass, $loc wheras $loc would be their own file they are refered to (or directory as the case may be). Essentially I want to setup all my chat convos so each of them can see what we talk about so I need each of them rederected to their own page. EASY ENOUGH.

What I don't understand is how I could password protect the directories because if I just use http://www.page.com/cgi-bin/logs/$name everyone will know how to access eachother's files. How can I make a password script redirect a user to their own password protected diary? Would I need cookies?

I've never worked with security before so any help would be much appreciated.

Comment on password protecting directories

Replies are listed 'Best First'.
Re: password protecting directories by tachyon (Chancellor) on Apr 14, 2003 at 10:00 UTC
Google for .htaccess and .htpasswd. They do what you want under Apache. Here is one tutorial to get you started cheers tachyon s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print	[reply]
Re: password protecting directories by Abigail-II (Bishop) on Apr 14, 2003 at 10:01 UTC
Ehm, if you never worked with security before, do you really think it's a good idea to implement everything yourself, instead of using what's available in your webserver? Abigail	[reply]
Re: password protecting directories by cbro (Pilgrim) on Apr 14, 2003 at 12:58 UTC
I completely agree with tachyon's and Abigail-II's responses. So, if you haven't already, first implement your protection via htaccess or whichever security measure your webserver provides. However, if afterwards you want to learn a little about security...try using cookies (they're fun). I have seen a great cookie module written by eresei that implements blowfish encryption to provide security to several protected web utilities. BTW, there are several accepted ciphers to the Crypt module, not just blowfish. So again, after you get htaccess (or similar) protection set up...you may want to study up on some encryption schemes and try using cookies. You'll probably better understand security and security related issues/concerns, and you'll learn a new subset of Perl. Chris Update: Sory for the misspell erasei	[reply]
Re: password protecting directories by Coplan (Pilgrim) on Apr 14, 2003 at 17:34 UTC
Rather than try to protect the directory, maybe you want to work on encrypting the contents of the file. Maybe you want to look for an MD5 module such as Crypt-PasswdMD5 or some other encryption module. For that matter, if this is a unix system, and everyone has their own account, you might just want to check against the unix password file. You'd need some modules to help you read it, but it could be done. --Coplan	[reply]