in reply to Re: Exec script within script or import sub...? help plz
in thread Exec script within script or import sub...? help plz

Yeah, thx. I'm being stupid about it all. Just going to adjust how I use HTML::Template.

As far as server side enforcing goes... I set a param of a session (using CGI::Session) to record their appropriate access. This should be secure, since they have no way of modifying the contents of a session, only the cookie that identifies which session they own, correct?

Thx for the feedback guys.


Steny
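
An added example (not code from this thread) of the arrangement described above: the access level lives in the server-side CGI::Session store and the cookie carries only the session identifier. The file driver, the temporary directory, the `access` parameter name and its values are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Session;
use File::Temp qw(tempdir);

# Constructed demo: session files live in a throwaway server-side directory.
my $dir = tempdir(CLEANUP => 1);

# Login request: the server decides the access level and stores it in the session.
my $login = CGI::Session->new('driver:file', undef, { Directory => $dir })
    or die CGI::Session->errstr;
$login->param('access', 'user');    # hypothetical parameter name and value
$login->expire('+15m');             # idle timeout enforced on the server
my $sid = $login->id;
$login->flush;

# The browser receives only the identifier, never the 'access' value.
my $cookie = CGI->new('')->cookie(
    -name     => CGI::Session->name,    # CGISESSID by default
    -value    => $sid,
    -expires  => '+15m',                # short cookie lifetime
    -secure   => 1,                     # only sent over SSL
    -httponly => 1,
);

# A later request: the client controls the cookie and every form field.
sub access_for {
    my ($cookie_sid, $form) = @_;
    local $ENV{HTTP_COOKIE} = CGI::Session->name . "=$cookie_sid";
    my $q = CGI->new($form);
    # CGI::Session takes the session ID from the query object's cookie;
    # an ID it does not know results in a new, empty session.
    my $s = CGI::Session->new('driver:file', $q, { Directory => $dir })
        or die CGI::Session->errstr;
    return $s->param('access') // 'none';    # read from the store only
}

print "Set-Cookie: $cookie\n";
print "own session, forged form field: ",
    access_for($sid, 'access=admin'), "\n";
print "unknown session ID:             ",
    access_for('0' x 32, 'access=admin'), "\n";
```

The forged `access=admin` field has no effect because the check reads only the stored session, and an identifier the server never issued maps to an empty session. The stored level does follow whoever presents a valid identifier, so the cookie itself is what needs protecting in transit.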

Re^3: Exec script within script or import sub...? help plz
by hbo (Monk) on Jun 21, 2004 at 06:27 UTC
    Cookies are subject to man-in-the-middle attacks, particularly if you use them in non-encrypted communication. CGI::Session uses cookies to keep state between the server and client. The attack isn't easy to do, so it shouldn't be a concern for a low-value target. If you have a high-value target you should be using SSL and keeping the cookie lifetimes short.

    I'm actually not sure this is true. This is what I imagine could be done by an attacker that can read the wire between the server and client: