Hi all, I have written an HTML form which calls a cgi script written in Python. The Python script looks at the data in the form and produces an XML data file. Next, I have an XSLT file that operates on the XML data to make an HTML webpage (why, yes, it uses CSS too. How many more Web 2.0 acronyms can I include here?).
The cgi script is hidden away in an inaccessible subdirectory, it cannot be seen, but it is executable. The final web page is intended to be visible to the world. The HTML form which submits the data is currently visible to the world. Obviously I don't want just anyone to be able to submit the form (but I don't mind if anyone can *see* the form). What is the simplest, standards-based mechanism I can use to allow only certain people to submit the form? I think it's HTTP AUTH, but I haven't found a decent howto to follow. A username/password pair is fine, or just a password would be ok. The data isn't sensitive, I just wanted to make it easy for a person to enter some data and produce a pretty web page. Also, I am not fully in control of the web server. It is currently running on a hosted service. Please could I have some tips or suggestions? Links to "the world's best cgi securification page" would be appreciated. Thanks, Andrew
