Please see my questions in line! Thanks! >> In addition my client anticipates storing this extremely sensitive data >> using Microsoft Access on his site which is largely implemented in Perl CGI. >> >> >Microsoft Access does not scale. Consider using SQL Server if it must >be MS, or investigate the open source databases like PostgreSQL and >MySQL if cost is an issue. Stray away from using Access for anything >production as its meant to be a simple DB. It will burn them. Most of >my current job is converting all the Access DB's floating around to our >Oracle DB, while the MIS department is figuring out ways to make sure >Access will not run on anyone's computers :) >
I have explained the performance problems with Microsoft Access many times to my customer and he does not listen. (This is because it is not a problem with only he and I prototyping the site). What you describe is a performance issue, not a security issue. It sounds like MSAccess is just as secure as those other databases, correct? >> Finally, what about using cookies for authentication and authorization? >> Assuming his clients are amenable to turning cookies on, I believe the >> favorite algorithm is to generate a random number when we prompt for a >> password and (assuming the user enters a valid username and password) store >> this number both in the cookie on the browser and in the database. The >> browser always presents this number to the Perl CGI code and we look up the >> number in the database to find the username and bump a counter in our >> database everytime the user requests an evaluation. >> > >More than just a random number in most cases. Usually double md5sum of >the epoch bitwise or'd or appended with the process id number, ip >address, or user id or a combination of thereof might work. > Do you have a reference where I could read up on this? Thanks, Siegfried -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>