(Ovid) Re: Encrypting or Hiding Certain Info in a URL

Generally, you shouldn't be asking for passwords this way. If you're on a *nix system, you can try using an .htaccess file to restrict users, or put the Web page and scripts on a secure server to guarantee that the information is encrypted.

If you go with the scripts on a secure server, use the post method so that data is passed seperately from the URL. Otherwise, users may simply bookmark their login information which would allow anyone with direct access to their machine to see their password in the bookmark.

Cheers,
Ovid

Comment on (Ovid) Re: Encrypting or Hiding Certain Info in a URL

Replies are listed 'Best First'.
RE: (Ovid) Re: Encrypting or Hiding Certain Info in a URL by Ugly (Beadle) on Aug 03, 2000 at 12:51 UTC
Of course it's not just *nix systems where you can use .htaccess and you'll also find ways of using the server to restrict access with almost any (modern) web server. Apache Week has a nice article on this, which has no direct Perl relevance, but a subsequent article on DBM User Authentication does contain Perl code. In the end the option you chose should reflect the amount of security you actually need. Ugly	[reply]

Replies are listed 'Best First'.

RE: (Ovid) Re: Encrypting or Hiding Certain Info in a URL
by Ugly (Beadle) on Aug 03, 2000 at 12:51 UTC

Apache Week has a nice article on this, which has no direct Perl relevance, but a subsequent article on DBM User Authentication does contain Perl code.

In the end the option you chose should reflect the amount of security you actually need.

Ugly

[reply]