Thread: Good Perl Admin Security

Hiyas,

I'm just wondering what code/setup I can use to protect a CGI/Perl script I've written (for admin of a website) from being tampered with...

I was thinking of having a username/password login screen where the user types in their details, with two textbox's (one of type 'text', the other type 'password'). However, I've heard that hackers can intercept the username/password when it's submitted on a form, since the form isn't properly secured/encrypted, or something like that...

Is this true...? If it is, what's a good alternative? Would a htaccess file/setup solve any unsecure connections, so the username/password is safe, etc.?

Does anyone have any feedback/ideas on this?

Thanks,

-Git

Security needs to go into the design process of the program, before it is written. But in the specific case of preventing attackers from intercepting sensitive information during its transmission from client to server requires SSL. If the hosting server supports it, they should provide you with the URI you need to use to reach their secure server.

Yup - security has been considered in the design and it's mostly pretty secure, except for this. The program is only a database program, but I still want protection against people intercepting a username/password when the administrator logs in (to do administration work on the database)... I don't know if I can have SSL support - is there any alternative methods?

How about a method using a htaccess file on the administration directory, so to access the administration script you have to login to the htaccess file?

BTW, what do forums (ie. the admin section) generally use for this kind of protection, if anything...?

Thanks,

-Git