
Re: web login form



Due to the "I must start coding in Perl" directive that I've sent
zinging through my brain about once every five seconds, I've decided to
try my hand at Perl (hands awful shaky all of a sudden). I found a module
on CPAN for auth with PAM which would allow me to use my Unix group and
username as the login system (so I wouldn't have to reinvent the wheel).
Now I've run into an article that says using the system password is a
bad security risk, and now I'm confused: so even if I use SSL and
everything between the client and server is encrypted, using system
accounts is weak? Somehow I'm not following that logic. Nate, your
half-life security implementation sounds very cool, but due to time
restrictions I'll have to pass on the details until next time I see you.
Also, before I begin googling heavily through this one, does anyone know
a good link that explains doing web sessions with Perl (and I would
assume cookies)? Thanks

Bob T. Kat

After a year in therapy, my psychiatrist said to me, "Maybe life isn't
for everyone."  

-----Original Message-----
From: silug-discuss-owner@silug.org
[mailto:silug-discuss-owner@silug.org] On Behalf Of Nate Reindl
Sent: Monday, July 15, 2002 8:08 PM
To: silug-discuss@silug.org
Subject: Re: web login form

Quoting Bob Castleberry <castlebb@cuinc.org>:

> If one were going to make a web login form for clients to log in and see
> the progress of their orders what would be the best way to go about this?

I've always gone about it using Zope, Perl, PHP, C, or even shell.  Do Google
searches for the former three; most Unices nowadays include ways to use the
latter couple effectively.

> The way I would like to do it is through a web form that could use their
> username to redirect them to the appropriate page.  any links or suggestions
> would help tremendously, thanks.

If you really want me to spout off what I've done (in detail, even) in the
not-so-recent past, ask.  I've implemented some really interesting things into
login forms to prevent people from running bots or crackers on them
successfully, and well, most of them were math- and chemistry/physics-induced
implementations not meant for the average every-other-day user.  I used the
principles of half-life to write up a keycode system that degenerated depending
on the half-life of uranium-238 or some other isotope.  It made cracking things
*really* difficult because an attacker (most likely NOT a script kidiot) had to
know the exact *second* I started the countdown, or else he/she would spend a
good deal of time running a brute force attack with a variable length
containing anywhere from 20 characters to 500-odd.  This keycode was
accompanied with the usual usr/pwd combination provided most everywhere now.
It was one of my more recent projects, though.  Thanks to some book about
chemistry review that I found in my dad's collection.

Anyway...

Kara and Steve, Trae says, "Howdy!"
*cough*
Don't ask.

Nate
--
(o-  Nate Reindl << Some deranged schizophrenic hellbent on world domination.
//\
V_/  Message void if penguin violated, so don't mess with the damn thing.

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.
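
One way a half-life keycode like the one described in the quoted message could work, as an added example that is not Nate's code or anything posted to the list. The one-hour half-life, the HMAC-SHA256 derivation, the alphabet and all function names are assumptions; only the 20 to 500 character range comes from the message.

```python
import hashlib
import hmac

HALF_LIFE_S = 3600.0          # assumed: one hour, not a real isotope's half-life
MAX_LEN, MIN_LEN = 500, 20    # length range taken from the message
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 symbols, so byte % 32 is unbiased


def keycode_length(start: int, now: int) -> int:
    """Length decays from MAX_LEN toward MIN_LEN as 0.5 ** (elapsed / half-life)."""
    if now < start:
        raise ValueError("clock is before the countdown start")
    remaining = 0.5 ** ((now - start) / HALF_LIFE_S)
    return MIN_LEN + round((MAX_LEN - MIN_LEN) * remaining)


def keycode(secret: bytes, start: int, now: int) -> str:
    """Derive the keycode valid at second `now` for a countdown begun at `start`."""
    length = keycode_length(start, now)
    msg = f"{start}:{now}".encode()
    out = []
    counter = 0
    while len(out) < length:
        # Expand HMAC output block by block until the decayed length is reached.
        block = hmac.new(secret, msg + counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        out.extend(ALPHABET[b % len(ALPHABET)] for b in block)
        counter += 1
    return "".join(out[:length])


def verify(secret: bytes, start: int, now: int, submitted: str, skew: int = 1) -> bool:
    """Accept a code for now +/- skew seconds, using constant-time comparison."""
    ok = False
    for t in range(max(start, now - skew), now + skew + 1):
        ok |= hmac.compare_digest(keycode(secret, start, t), submitted)
    return ok


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample value
    start = 1026781680                    # constructed sample start second
    for elapsed in (0, 3600, 7200, 36000):
        print(elapsed, keycode_length(start, start + elapsed))
```

In this sketch a guess at the start time that is off by one second produces a different code, but a timestamp has little entropy, so the strength comes from the HMAC secret rather than from keeping the start second hidden.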

