Thread: WEB-interface
Greetings, I want to do WEB-interface to postgresSQL 6.4.2 using perl. I can do one level web-page, so you can say Username/Password and read some data from database. But if I want to create subform, I have to know username/password again. Now, I'm solving this problem transmitting <input type="hidden"> back to client - but this method is wrong. I'm using apache web server on bsdi-3.1. Thank you, ----------------- Sergei Chernev Internet: ser@nsu.ru Phone: +7-3832-397354
On Thu, 15 Apr 1999, Sergei Chernev wrote: > Greetings, > > I want to do WEB-interface to postgresSQL 6.4.2 using perl. > I can do one level web-page, so you can say Username/Password and > read some data from database. > But if I want to create subform, I have to know username/password again. > Now, I'm solving this problem transmitting <input type="hidden"> back > to client - but this method is wrong. > I'm using apache web server on bsdi-3.1. I've started to use .htaccess subdirectories more and more for doing this, but you could also Cookie's for doign this... Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
"Sergei Chernev" <ser@nsu.ru> writes: >But if I want to create subform, I have to know username/password again. >Now, I'm solving this problem transmitting <input type="hidden"> back >to client - but this method is wrong. Make an MD5 checksum of the username, password, and current time. Send the MD5 checksum in a hidden field (or use a cookie). Keep a server-side cache of the currently valid checksums (expire the old ones periodically), and check the incoming checksum against the cache for each request. -Michael Robinson