Why not use session management so people have to log in to use the service? It's easy to build yourself, or even easier if you want to download a module to do it for you.
Whatever you do, use perl -wT, and *don't* put any JS in webpages to encrypt anything. All passwords should be stored server-side with some kind of one-way hash (md5, sha-1). (I prefer hashing over encrypting as you don't need to leave a key lying about somewhere.) The incoming password is then captured, untainted, encrypted and compared to the one that is stored.
If possible, put the backend storage machine on a private network so it is harder to get to (but that may be overkill in your situation).
As a rule, untaint *everything* that is coming from outside your script (which is what -T actually enforces).
By far the easiest method of doing this is to have one script that accepts a password, and conditionally on the password being correct, it will pump out the right information.
The downside is it is *so* unscalable, and you need to re-enter the password each time you want to review the information.
Just the disjointed ravings of a crazed lunatic.
In reply to Re: cgi and https (mildly off topic)
by Ryszard
in thread cgi and https (mildly off topic)
by coolmichael
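An added example, not part of Ryszard's post: the capture, untaint, hash and compare flow described above, under taint mode. The account table, the sample inputs, the allow-list patterns and the names untaint_username, untaint_password and check_login are all assumptions made for illustration.

```perl
#!/usr/bin/perl -wT
use strict;
use Digest::SHA qw(sha1_hex);    # core module; SHA-1 because the post names it

# Constructed sample store: username => one-way hash of the password.
# No key is kept anywhere; a per-user salt is left out to keep this short.
my %stored = ( alice => sha1_hex('correct horse') );

# Untainting means matching against an allow-list pattern and keeping only
# the capture. \A and \z are used so a trailing newline is rejected too.
sub untaint_username {
    my ($raw) = @_;
    return unless defined $raw && $raw =~ /\A([a-z][a-z0-9_]{0,31})\z/;
    return $1;
}

sub untaint_password {
    my ($raw) = @_;
    return unless defined $raw && $raw =~ /\A([\x20-\x7e]{1,128})\z/;
    return $1;
}

# Returns 1 only when both fields pass the patterns and the hash of the
# submitted password equals the stored hash.
sub check_login {
    my ( $raw_user, $raw_pass ) = @_;
    my $user = untaint_username($raw_user);
    my $pass = untaint_password($raw_pass);
    return 0 unless defined $user && defined $pass;
    my $expected = $stored{$user};
    return 0 unless defined $expected;
    return sha1_hex($pass) eq $expected ? 1 : 0;
}

# Constructed inputs; in a CGI script these would be tainted request fields.
my @attempts = (
    [ 'alice',   'correct horse' ],
    [ 'alice',   'wrong' ],
    [ "alice\n", 'correct horse' ],
    [ '../etc',  'x' ],
);
for my $try (@attempts) {
    ( my $shown = $try->[0] ) =~ s/\n/\\n/g;
    printf "%-8s => %s\n", $shown, check_login(@$try) ? 'ok' : 'denied';
}
```

Run it as `perl -wT script.pl` (or make it executable), since Perl refuses a -T that appears only on the #! line when the script is started as `perl script.pl`.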