Re: Perl and Cookies

I'm not sure, but I would guess that HTTP provides no guarantees about the order of cookies. The workaround for this would be to search the array for the right cookie, but it's not worth implementing, because...

On another note. How secure is this type of security?

Not at all. It would be extremely easy to work around this security entirely. It looks like your example could be worked around by simply disabling JavaScript. The problem is that by using JavaScript, you're trusting the client to do the authentication, and ultimately the client is under the control of the user. You really need to do your authentication on the server, which is (hopefully) under your control.

Comment on Re: Perl and Cookies

Replies are listed 'Best First'.
Re^2: Perl and Cookies by htmanning (Friar) on Mar 06, 2006 at 04:49 UTC
Wow, you're right. Do you think I could embed some perl script that would be called when the page is loaded? That script could read the cookie and then set a variable yes or no? Any snippets you could give me? Thanks.	[reply]
Re^3: Perl and Cookies by sgifford (Prior) on Mar 06, 2006 at 13:51 UTC
The easiest way to do this is to use the authentication built into your HTTP server. Search for "HTTP Basic Auth" in your documentation, and you should find a few commands to password-protect pages. The second easiest way is to write a small CGI script to check the password and only return the page if the correct password is given (make sure it only returns the appropriate pages, and can't be fooled with things like `../../../../../../etc/passwd`). You can also do some pretty cool magic with mod_perl and its authentication handlers with Apache::AuthCookie.	[reply]