Please see my questions in line! Thanks!
>> In addition my client anticipates storing this extremely sensitive data
>> using Microsoft Access on his site which is largely implemented in Perl
>> CGI.
>>
>>
>Microsoft Access does not scale. Consider using SQL Server if it must
>be MS, or investigate the open source databases like PostgreSQL and
>MySQL if cost is an issue. Stray away from using Access for anything
>production as it's meant to be a simple DB. It will burn them. Most of
>my current job is converting all the Access DBs floating around to our
>Oracle DB, while the MIS department is figuring out ways to make sure
>Access will not run on anyone's computers :)
>
I have explained the performance problems with Microsoft Access many times
to my customer and he does not listen. (This is because it is not a problem
with only him and me prototyping the site.) What you describe is a performance
issue, not a security issue. It sounds like MSAccess is just as secure as
those other databases, correct?

>> Finally, what about using cookies for authentication and authorization?
>> Assuming his clients are amenable to turning cookies on, I believe the
>> favorite algorithm is to generate a random number when we prompt for a
>> password and (assuming the user enters a valid username and password) store
>> this number both in the cookie on the browser and in the database. The
>> browser always presents this number to the Perl CGI code and we look up the
>> number in the database to find the username and bump a counter in our
>> database every time the user requests an evaluation.
>>
>
>More than just a random number in most cases. Usually double md5sum of
>the epoch bitwise or'd or appended with the process id number, ip
>address, or user id or a combination thereof might work.
>
Do you have a reference where I could read up on this?
Thanks,
Siegfried
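
The cookie scheme described in the question above (a random value stored in the browser cookie and looked up server-side to find the username and bump a counter), as an added example that is not part of the original thread. It assumes the token is read from /dev/urandom so it cannot be guessed, and that an in-memory hash stands in for the sessions table; the names new_token, start_session, authorize and the cookie name sid are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Stand-in for the sessions table (assumption); a real site would use DBI
# with placeholders. Key is sha256(token), value is the session record.
my %sessions;

# 128 bits from the kernel CSPRNG, hex encoded.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $n = read($fh, my $buf, 16);
    close $fh;
    die "short read from urandom" unless defined $n && $n == 16;
    return unpack 'H*', $buf;
}

# Call only after the username and password have been verified.
sub start_session {
    my ($user, $ttl) = @_;
    my $token = new_token();
    # Store only a hash, so a leaked table does not yield usable cookies.
    $sessions{ sha256_hex($token) } =
        { user => $user, expires => time() + $ttl, evaluations => 0 };
    return "Set-Cookie: sid=$token; Path=/; Secure; HttpOnly; SameSite=Strict\n";
}

# Map the Cookie header to a username and bump the per-session counter.
sub authorize {
    my ($cookie_header) = @_;
    my ($token) = ($cookie_header // '') =~ /(?:^|;\s*)sid=([0-9a-f]{32})(?:;|$)/
        or return;
    my $key = sha256_hex($token);
    my $s   = $sessions{$key} or return;
    if ($s->{expires} < time()) { delete $sessions{$key}; return; }
    $s->{evaluations}++;
    return $s->{user};
}

# Constructed demo values.
my $header = start_session('alice', 1800);
my ($sid)  = $header =~ /sid=([0-9a-f]+)/;
print "valid:    ", (authorize("sid=$sid") // 'rejected'), "\n";
print "guessed:  ", (authorize('sid=' . ('0' x 32)) // 'rejected'), "\n";
my $count = $sessions{ sha256_hex($sid) }{evaluations};
print "requests: $count\n";
```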