As olus said, you can get around passing the plaintext password in the filesystem entirely if, instead of producing HTML code that invokes a separate CGI, you have your main CGI program generate the image (into the filesystem) and then produce HTML that points to this temporary file. You're still passing the password around in the filesystem, but using a generated image as a form of encryption.

Once you have done that, the next question is how to store the password for future comparison against the credentials supplied by the user.

The Unix password authentication system, which has worked well for many years, actually never stores the password itself, either in plaintext or in a format that can be decrypted. What it stores is a "hash", which is produced by encrypting a fixed plaintext, unrelated to the password, using the password as key. The key is then discarded, so the hash can never be decrypted. However, if the same plaintext is ever encrypted using the same algorithm using the same key, the hash produced is guaranteed identical. So you end up storing and comparing hashes of passwords instead of actual passwords.

Look at the crypt() function if you're on a Unix or Unix-like system, which works pretty much as I've just described (I've left out some details for simplicity); or look at MD5 digests, which operate similarly and are used in place of crypt() on some Linux distributions.

One last thing: you will run afoul of accessibility requirements -- which have the force of law in many applications -- using only an image to transmit temporary passwords like this. Visually impaired users will have to be provided their passwords in some other way, probably involving the telephone.


In reply to Re: Passing variable from one cgi to another by bigmacbear
in thread Passing variable from one cgi to another by 3SRT
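
The store-and-compare scheme described in the post above, as an added example that is not part of the original post: it hashes a password with Perl's built-in crypt() and a random salt, then verifies a login attempt by re-hashing with the stored hash as the salt argument. It assumes the platform's crypt(3) supports the "$6$" (SHA-512) scheme, as glibc does; the sub names and sample passwords are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Characters allowed in a crypt(3) salt (64 of them).
my @SALT_CHARS = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');

# Build a random 16-character salt from the kernel CSPRNG.
sub new_salt {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom";
    close($fh);
    return join '', map { $SALT_CHARS[ord($_) % 64] } split //, $bytes;
}

# Hash a new password; only the returned string is stored, never the password.
sub hash_password {
    my ($password) = @_;
    my $hash = crypt($password, '$6$' . new_salt() . '$');
    # Assumption: "$6$" is supported; fail loudly instead of storing a weaker hash.
    die "crypt() does not support \$6\$ on this system"
        unless defined $hash && $hash =~ /^\$6\$/;
    return $hash;
}

# Re-hash the candidate with the stored hash as salt (it carries scheme and salt),
# then compare every byte so the comparison time does not depend on the match position.
sub check_password {
    my ($candidate, $stored) = @_;
    my $computed = crypt($candidate, $stored);
    return 0 unless defined $computed && length($computed) == length($stored);
    my $diff = 0;
    $diff |= ord(substr($computed, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample values.
my $stored = hash_password('correct horse battery staple');
print "stored: $stored\n";
print "right:  ", check_password('correct horse battery staple', $stored), "\n";
print "wrong:  ", check_password('Tr0ub4dor&3', $stored), "\n";
```

Because the salt is random, hashing the same password twice gives two different stored strings, and both still verify.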
