I basically generate a session id and username and pass it through the scripts in the query. Each script would verify the session and username that's stored in the mysql db 'Members Online'. Is that considered a bad security measure? Wouldn't this sort of be the same as using a cookie? Each content page would be PERL scripts displaying HTML and would still need some authentication coding, whether it be cookie or db authentication?
Would you guys say choosing the Apache on Windows using .htaccess would be the safest way to go or cookies/db authentication is safe enough? These files that are for members aren't really top-notch files that need to be secured, but as I continue to learn PERL, I want to get to the point where I'm familiar with security in your Perl scripts so that in case some job comes along that requires it, I'll be confident enough to do so.
Also does anyone have suggestions on books for this type of subject?
Thank you,
Anthony
Comment on Re: help with security info for web content
>Also does anyone have suggestions on books for this type of subject?
I can recommend a book published by O'Reilly (who else?) about basic secure coding principles.
Secure Coding: Principles & Practices. It tells you a lot about what causes security holes and how you can prevent them. But it does not show you specific code (that's why it's called 'principles').