Making a CGI script password protected..

warumono has asked for the wisdom of the Perl Monks concerning the following question:

I'm currently trying to setup password access to a CGI script. I've tried many password access scripts on the Web but they only work with text/html files. Are there any pointers where I can find password access scripts that work with CGI scripts too? I'm dying to untie this final knot in my project so any and all help would be much appreciated. Thank you very much.

Comment on Making a CGI script password protected..

Replies are listed 'Best First'.
Re: Making a CGI script password protected.. by aquarium (Curate) on Dec 17, 2004 at 13:41 UTC
use your web server's access/authentication mechanism. for apache, create a .htpasswd file in the directory where the cgi scripts live. iis has same kind of control through the administrative interface. it's not a good idea to put your only security measure inside the cgi, as the permissions on the cgi are typically fairly lax, to allow everyone access to it through the web server. the hardest line to type correctly is: stty erase ^H	[reply]
Re^2: Making a CGI script password protected.. by hostyle (Scribe) on Dec 17, 2004 at 14:16 UTC
.htpasswd doesn't protect your script any better from prying eyes or local users than properly implemented encryption (whether using md5, crypt() or whatever) inside your CGI. Both are equally valid methods if done correctly. .htpasswd is often easier to use, but its harder to log a user out if you choose this route	[reply]
Re: Making a CGI script password protected.. by kutsu (Priest) on Dec 17, 2004 at 15:09 UTC
First of all any CGI script can send their header as text/html, so those password protection scripts would proably work (if you didn't understand that have a look at Ovid's Web Programming Course, esp. lesson 3 which is a good introduction to web security). Also, have you tried Super Search searching for passwords and CGI, it gives a huge amount of nodes (Website login/authentication, perl web store, and perl web store just to name the first 3) "Cogito cogito ergo cogito sum - I think that I think, therefore I think that I am." Ambrose Bierce	[reply]