in reply to Re: Re: Passing a username/password from HTML to a Perl script
in thread Passing a username/password from HTML to a Perl script

I'm not a security expert, but have been around long enough to know what the problems are.

First, if your office staff are going to ftp the file, is the file going to be encrypted? Is it going to use ftp-ssl? If not, the cc info can be captured during the transfer. There are some things you are just becoming aware of....

1. It's not just data on the computer which puts you at risk, its also the transfer of the data...search for network snoopers and you will have your eyes opened.

2. Saying "the data is only going to be there a short time" is a problem. Computer time is measured in milliseconds, and scripts can be written to grab things just that quickly.

3. Keep everything encrypted all the time, and even then you will have to worry about savvy sysadmins who will scrape data off of the memory, where you are using it unencrypted.

Anyways, as you can see, there is very little you can do to ensure security on a remote server. If you really need to be sure, get your own private server setup at your place of business, and keep it locked in a secure room, under a camera. If you can't afford to that, then keep everything encrypted all the way from the user-submit-form to your office staff ftp download. There are still holes in that method, but they can all point to the remote server sysadmin, who you have to trust. still holes in that method

  • Comment on Re: Re: Re: Passing a username/password from HTML to a Perl script

In Section Seekers of Perl Wisdom