
storing information & security level


baad

Programmer
Apr 10, 2001
RU
hi there

excuse me if this is not the first time you see this question, but i'm in total darkness.. give me some light

question about security:

how to keep information on the server with maximum level of safety? (talking about passwords, for example)

what i mean:

when i save something in some file on the server (with a cgi script) that means that this file has to be readable/writable for everyone (chmod 666) - or else users would face a 500 ISE
so, everyone is able to connect to the source file (thru sockets) & delete/view its content (i use crypt, so, don't bother if someone would read its content)

how to avoid that?

databases?

i thought about chmod 644 for that file, but then i'd have to edit it myself with every new entry - mmnaaa!!
Victor
 
Hi,

When a user creates a password and passes it to the cgi-bin script, use crypt on it, placing the crypt value into a string. Then use the crypt string in the table update statement.


Also many databases have security built into them to set up new users and passwords. The downside of this is you would need someone to perform this task each time a new user is added.

Leland

Leland F. Jackson, CPA
Software - Master (TM)
Nothing Runs Like the Fox
 
Hi,

After thinking about your post, I remembered there is a function, at least in MySQL, that automatically handles password encryption. If you connected to a database that contained a table named test you could type the below SQL in a command line. It would insert into table test a username [Leland] and a password [FoxPro]. The function PASSWORD('FoxPro') would encrypt the password. You could adapt the following SQL into perl and let perl do the update.

INSERT INTO `test` (`user_name`, `password`) VALUES ('Leland', PASSWORD('FoxPro'))


Leland F. Jackson, CPA
Software - Master (TM)
Nothing Runs Like the Fox
 
hi Leland, thanks

weird.. seems like i've already posted a reply here this morning.. i've been truncated!! :)

well, the point is that i have to make one script accessible for 1-2 people only & i don't know if i would use any of the sql services, or would it be just text/binary files on the server.. i don't even know if that server supports databases (i'd find out tomorrow)

thanks again for the reply
Victor
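
An added example, not part of the thread and not code from any poster: a Python sketch of the flat-file option raised above, storing a salted hash (as with crypt) in a file the script creates itself with mode 600 instead of 666. The function names, the `users.db` file name and the use of PBKDF2 in place of crypt are assumptions; it also assumes the script's account owns the file and that the file sits outside the web root.

```python
import fcntl, hashlib, hmac, os, secrets, stat, tempfile

ITERATIONS = 200_000  # assumed work factor for PBKDF2

def hash_password(password, salt=None):
    """Return 'salthex$digesthex'; PBKDF2 stands in here for crypt()."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def add_user(path, user, password):
    """Append 'user:salt$hash' to a file only the script's account can use."""
    if not user or any(c in user for c in ":\r\n"):
        raise ValueError("user name would corrupt the record format")
    # Mode 0o600 = owner read/write only. The script creates the file, so the
    # owner is the account the script runs as and chmod 666 is never needed.
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as fh:
        os.fchmod(fh.fileno(), 0o600)   # tighten a file left at 666 earlier
        fcntl.flock(fh, fcntl.LOCK_EX)  # serialise concurrent CGI requests
        fh.write(f"{user}:{hash_password(password)}\n")

def check_user(path, user, password):
    """True only if user exists and the password matches the stored hash."""
    with open(path) as fh:
        for line in fh:
            name, _, record = line.rstrip("\n").partition(":")
            if name == user:
                salt = bytes.fromhex(record.partition("$")[0])
                return hmac.compare_digest(hash_password(password, salt), record)
    return False

def file_mode(path):
    """Permission bits of the file, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)

if __name__ == "__main__":
    # Constructed sample data; a real file would live outside the web root.
    path = os.path.join(tempfile.mkdtemp(), "users.db")
    add_user(path, "victor", "constructed-pass")
    print(oct(file_mode(path)), check_user(path, "victor", "constructed-pass"))
```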
 