If you want your usernames and passwords to look something like this.
ªaRtW¢³†Ê¬Ì~“µv$¾ïÃ
then store passwords in a mysql blob field with the encrypt() function and a
"key". I learned this technique from a very excellent tutorial by Aaron
Weiss at the following URL:
www.wdvl.com/Authoring/
geron'
-Original Message-
From: "Grierson, Garry (UK07)"<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Tue Sep 18 03:22:17 PDT 2001
Subject: Security Suggestions Please!
>I have to secure a newly developed web search service that deals with
>sensitive fiscal inform
At 04:37 PM 09/18/2001 +0200, Grierson, Garry (UK07) wrote:
>The internal people that have been granted access to the servers running
>this system probably wouldn't have the knowledge or inclination to attempt a
>hack.
Well, lets get our terminology straight first :)
To "hack" is a good thing...
> use strict;
> use CGI;
> my $q = new CGI;
> my $password = $q->param( "password" );
>
> if ($password eq 'password'){ #only an example#
> print < ~~~ To Run Script Two, Three , Four ,
> etc.~~~
>
> It works but how secure is it assuming nobody is going to see the
> 'password'?
H
om: "Grierson, Garry (UK07)" <[EMAIL PROTECTED]>
To: "Roger C Haslock" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 3:20 PM
Subject: RE: Security Suggestions Please!
> 1) Ok point taken.
>
> 2) Mabey a little unclear here:
K07); [EMAIL PROTECTED]
> Subject: Re: Security Suggestions Please!
>
> At 12:22 PM 9/18/2001 +0200, Grierson, Garry (UK07) wrote:
> >I have to secure a newly developed web search service that deals with
> >sensitive fiscal information, this originally consisted of Perl sc
Tuesday, September 18, 2001 2:42 PM
> To: Grierson, Garry (UK07)
> Subject: Re: Security Suggestions Please!
>
> (This is not a perl/cgi question)
>
> 1)
> It is easier to manage changes if data is held in a database. By similar
> triangles, it is easier to manage secur
At 12:22 PM 9/18/2001 +0200, Grierson, Garry (UK07) wrote:
>I have to secure a newly developed web search service that deals with
>sensitive fiscal information, this originally consisted of Perl scripts that
>called html pages or other scripts. The default page ran a rudimentary login
>script that
I have to secure a newly developed web search service that deals with
sensitive fiscal information, this originally consisted of Perl scripts that
called html pages or other scripts. The default page ran a rudimentary login
script that launched a variety of html pages or further scripts, the html