URL protection using MySQL databases. 2005-01-13 - By Gregg R.Allen
Back
I've been asked to create some web pages that use username and password
authentication for resources on our web server.
I want people to be able to log into our web server, provide a username
and password, and be given a URL that allows them
to download their data file(s) for the day. (from anywhere in the
world.)
The URL table, (it's not the username and password table for the
database) looks like this:
username varchar(20),
password varchar(20), # MD5 hashed, or whatever,
URL varchar(80);
Note: Their can be multiple URL's for one username and password.
At this point the URL's only point to data files on our web server. I
want to make it flexible enough
for ANY URL.
I thought I had solved the problem by simply pulling out the URL's by
username and displaying them on that user's
web page with a simple CGI script. That was obviously not secure
enough, because a manager embarrassed me by finding a user with an
open web page, and after writing down the URL and typing it into his
computer, he downloaded the file, which was not his.
I don't expect anyone to write code for me, but if someone could just
point me in the right direction, a CPAN module, or some hints,
I would be extremely grateful.
Thanks,
Gregg Allen
Cerebra, Inc.
--
MySQL Perl Mailing List
For list archives: http://lists.mysql.com/perl
To unsubscribe: http://lists.mysql.com/perl?unsub=mysql@(protected)
|
|
