--- Edward B Buford <[EMAIL PROTECTED]> wrote:
> I work for a Library and have been asked to write a script, that will allow us to enter a user name and password and execute the login button for several password protected web sites.  The web sites monitor the concurrent number of users and limit them to 2, so we are not worried about being in violation of the end users agreement. What we are worried about is people passing the username and password around to friends off campus. I have much experience with VB6, but have very little experience with any scripting language. I have played with perl and have only used it for pulling information out of a list. I am working with Perl to learn this language, but the task that I'm faced with is far beyond my novice level. Therefore I am appealing to you who know how to offer examples, required reading, and any help possible.
> Thank you in advance,
> Humbly
> Ed

Ed,

I hate to say this, but doing this *correctly* is not a trivial task.  For example, at http://www.perlmonks.org/index.pl?node_id=101247 you can read a request I made for CGI security advice.  That's the beginnings of an object-oriented module that controls access to the Web site I was working on.  Many people will suggest that you use server-based authentication with .htaccess files and that might be fine for your application, but this type of authentication typically doesn't allow you to log out.  The problem there stems from users forgetting to close their browser and having others come along afterwards and get to check out the sites in question.  Since you're in a library, you likely have shared computers, which makes this problem more likely to occur.

Further, if you use .htaccess files, you're probably using Basic Authentication which sends passwords over the connection in plain text (well, Base64 encoding, to be precise, but it's effectively the same thing).  That means that it's trivial for hackers to sniff the connection and grab the passwords.  As people tend to reuse passwords, this increases the likelihood that the hacker could not only gain access to these sites that you want to restrict your users from, but possibly gain access to other things that those users don't want them to have access to.

If you need to worry about permissions in addition to authentication, then your problem is even worse (authenticating is ensuring that they are a valid user of the system.  Permissions allow you to check whether or not a valid user is permitted to perform the action they are requesting).  You can read about permissions at http://www.perlmonks.org/index.pl?node_id=114222 (as usual, I am "Ovid" in that thread).

This is a topic you'll want to do some heavy research on.  The basics of CGI security are not terribly difficult, but authentication is much more complicated and usually (from my experience) done wrong.

Also, you may have more luck posting such questions to the [EMAIL PROTECTED] list as that list specializes in CGI applications.

Cheers,
Curtis "Ovid" Poe

=====
Senior Programmer
Onsite! Technology (http://www.onsitetech.com/)
"Ovid" on http://www.perlmonks.org/
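Two of Ovid's points above, shown as an added example that is not part of the original thread (written in Python rather than the Perl Ed asked about): a Basic Authentication header is only Base64, so anyone who can read it gets the credentials back, whereas a server-side session store can be logged out, expired, and capped at the two concurrent users Ed mentions. The header value and the "alice"/"s3cret" credentials are constructed sample data.

```python
import base64
import secrets
import time

# Constructed sample header; "alice" / "s3cret" are made-up credentials.
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:s3cret").decode("ascii")


def parse_basic_auth(header_value):
    """Recover the credentials an 'Authorization: Basic' header carries.

    Base64 is an encoding, not encryption: a proxy or anyone watching an
    unencrypted link can do exactly this, so Basic auth over plain HTTP
    is effectively plain text, as the reply above says.
    """
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic auth header")
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password


class SessionStore:
    """Server-side sessions: random token -> [user, last_seen].

    Unlike Basic auth, where the browser resends credentials until it is
    closed, a session can be ended by the server (logout), expires after
    idle time, and the number of live sessions per user can be capped.
    """

    def __init__(self, idle_timeout=900, max_per_user=2):
        self.idle_timeout = idle_timeout
        self.max_per_user = max_per_user
        self._sessions = {}  # token -> [user, last_seen]

    def _live_tokens(self, user, now):
        return [t for t, (u, seen) in self._sessions.items()
                if u == user and now - seen < self.idle_timeout]

    def login(self, user, now=None):
        now = time.time() if now is None else now
        if len(self._live_tokens(user, now)) >= self.max_per_user:
            return None  # refuse: this user already has too many sessions
        token = secrets.token_urlsafe(32)  # 256-bit unguessable session id
        self._sessions[token] = [user, now]
        return token

    def authenticated_user(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None or now - entry[1] >= self.idle_timeout:
            self._sessions.pop(token, None)  # unknown or idle too long
            return None
        entry[1] = now  # sliding idle window
        return entry[0]

    def logout(self, token):
        """Explicit logout: the thing Basic auth cannot offer."""
        self._sessions.pop(token, None)
```

The idle timeout is what protects a shared library terminal whose user walks away without logging out; the per-user cap is what stops one shared password from serving a whole group off campus.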
