Greetings,
I am trying to determine the best method for creating a secure members-only area of a
website. The public area of the site displays data retrieved from MySQL tables. The
private area will allow members to update their own data within those tables. I found
plenty of documentation on the net regarding the implementation of secure files and
subdirectories using Apache's .htaccess file. My problem is that I only want to
restrict the functionality of certain parts of a Perl script, not a subdirectory or
file. I want to be able to do this by requesting a username and password in HTML
format, not a popup menu. I am also looking into MD5 encryption in order to pass the
encrypted value through CGI from one request to another until the user is done. From
what I can see, MD5 only uses one-way encryption. For example, I want to know if I can
safely store the username and password in a standard MySQL table? Should they be
stored in encrypted format? If so, how would I be able to send a user their password
if they forgot it when the password is encrypted and MD5 cannot retrieve it? I have
full root access to my own Linux server (RH7) and am using Apache with OpenSSL
enabled. The cgi-bin for https requests is in a different subdirectory. I am wondering
if I should pass requests to a new Perl script located in the SSL cgi-bin once the
user has been authenticated or if it is secure enough to stay in the non-secure
cgi-bin. The data itself is not that sensitive. I just don't want other people to
break in and change it around.
Basically, I want to know how I should approach this problem and if there are any
online resources that can get me thinking.
Any help is appreciated. Thanks.
Ibrahim Dawud