On Wednesday, October 15, 2003, at 02:49 AM, David Christensen wrote:
..
1.) Establish an SSL connection 2.) Require the user to indentify himself (username and password) 3.) Check against some kind of user database 4.) Create a unique session ID number which can not easily guessed by others 5.) Store the ID on the users machine (cookie) or send it as part of the HTTP request ("foo.bar.org/myscript?SID=a3cc69...")
As I thought.
Question: are the HTTP requests (with CGI fields and values, including session_id) encrypted when using https?
yes.
..
I use CGI:Session in combination with HTML::Template and they cooperate well. Nicest feature is that you can redisplay pages filled with session data with a few lines of code (e.g. if you want a user to correct input made earlier in the session).
Good. I've been able to get CGI::Application, HTML::Template, and CGI::FormBuilder working together, but it took careful reading of the documents, a fair amount of thinking, and a bit of experimentation. ..
I just got done creating a framework for a secure application (well, not so secure because I don't use https... more like a "personalized weak security" application). I used CGI-Session. Very nicely done application. I wish CGI-Session had a driver for my favorite dsn, SQLite, but hopefully that will arrive eventually (CGI-Session author provides instructions on creating ones own driver, but such things are beyond me as I am mortal). Most personalized/security applications depend on the "server," and as such, would work better with Apache+mod_perl, but even with plain Apache the mileage is pretty good.
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Html-template-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/html-template-users
