If you want your usernames and passwords to look something like this:
ªaRtW¢³†Ê¬Ì~“µv$¾ïÃ
then store passwords in a MySQL blob field with the encrypt() function and a
"key". I learned this technique from a very excellent tutorial by Aaron
Weiss at the following URL:
www.wdvl.com/Authoring/
I would run everything inside of a Secure Socket Layer (SSL) Win32 and/or use some
type of algorithm to encrypt the data between scripts. I would look into Digest::MD5;
it's a 128-bit one-way hash algorithm. Go to CPAN for more info. Could be an idea to
get you started.
GL,
Mark Bergeron
---
At 04:37 PM 09/18/2001 +0200, Grierson, Garry (UK07) wrote:
>The internal people that have been granted access to the servers running
>this system probably wouldn't have the knowledge or inclination to attempt a
>hack.
Well, let's get our terminology straight first :)
To "hack" is a good thing...
> use strict;
> use CGI;
> my $q = new CGI;
> my $password = $q->param( "password" );
>
> if ($password eq 'password'){ #only an example#
> print < ~~~ To Run Script Two, Three , Four ,
> etc.~~~
>
> It works but how secure is it assuming nobody is going to see the
> 'password'?
H
From: "Grierson, Garry (UK07)" <[EMAIL PROTECTED]>
To: "Roger C Haslock" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 3:20 PM
Subject: RE: Security Suggestions Please!
> 1) Ok point taken.
>
> 2) Maybe a little unclear here:
K07); [EMAIL PROTECTED]
> Subject: Re: Security Suggestions Please!
>
> At 12:22 PM 9/18/2001 +0200, Grierson, Garry (UK07) wrote:
> >I have to secure a newly developed web search service that deals with
> >sensitive fiscal information, this originally consisted of Perl sc
Tuesday, September 18, 2001 2:42 PM
> To: Grierson, Garry (UK07)
> Subject: Re: Security Suggestions Please!
>
> (This is not a perl/cgi question)
>
> 1)
> It is easier to manage changes if data is held in a database. By similar
> triangles, it is easier to manage secur
At 12:22 PM 9/18/2001 +0200, Grierson, Garry (UK07) wrote:
>I have to secure a newly developed web search service that deals with
>sensitive fiscal information, this originally consisted of Perl scripts that
>called html pages or other scripts. The default page ran a rudimentary login
>script that