Why can't you use something like HTTP authentication? Passing usernames and passwords around in URL's and form fields seems kind of messy.

Update: Perhaps I should elaborate in light of the number of negative votes this post is aquiring: Since you say you have control over the CGI, I assume that extends to development. Passing passwords via URL strings like this not only allows prying eyes to see quite clearly what's going on, but it allows anyone peeking at your web server's access logs to gleam usernames and passwords as well. Putting this information in HTML hidden form fields is only marginally better. Using SSL is a bit better than that, but you've still got to code in an entire authentication mechanism with your CGI. Instead of doing all of this, why don't you consider using HTTP authentication, which is built in to most any real web server, and would allow your browser and server to do the job of authenticating, allowing your script to comfortably assume $ENV{HTTP_USER} is, in fact, the user currently logged in. This is considerably safer and easier than trying to build and manage an authentication system in CGI, especially if you're going to take the road to obfuscation to keep the data as 'secure' as you can.

In reply to Re: Securing the URL by Fastolfe
in thread Securing the URL by Granite

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.