>At 2:53 PM -0700 3/29/01, James Reynolds wrote:
>>Does anyone know of a perl webserver? I read in "Perl in a
>>Nutshell" that it is possible. Has it been done?
>>
>>Why I ask:
>>I am trying to make FileMaker Pro's Web Companion more secure by
>>hijacking the login process with a perl script. (I could have
>>purchased Lasso, but even it doesn't do what I want, which is have
>>a timeout on "realms," WebSTAR nor Quid Pro Quo has a timeout
>>either.)
>
>What are you trying to protect against? Snooping of passwords from
>IP Packets? Then use https. Unsecure password selection? Validate
>it in FileMaker Pro, instead of at the webserver interface. Good
>passwords being used by bad people? You can only do so much.
>
>You talk about wanting 'realms' to timeout. If, by that, you mean
>you want passwords to expire - write a perl solution that changes
>all FMPro passwords and schedule it with something. If you mean you
>want connections to expire, at a brute force level you could
>schedule a perl script to shut down the webserver and start it up
>again.
>
>In other words, I don't believe that using a perl-based webserver is
>the right hammer for the screw you are trying to drive. But maybe I
>simply don't understand what you are asking.
I wanted to protect against authorized users screwing up databases
just in case they ever felt inclined to modify the form submissions
or URL submissions. The databases are targeted for those who would
know how to do this.
The easiest way I can think of doing this (without just plain
throwing FileMaker away) is to make the users post submissions to a
perl script, have the script decide if the submission is ok, if yes
send the submission to FileMaker, get the response, and send the
response back to the user. FileMaker doesn't have a way of
restricting "authorized" users.
Anyway, the response to my first email tells me that I should
actually just use javascript and a form submission for the username
password portion. I just wanted to see if I could find a way to get
the pop-up username password dialog box.
--
Thanks:
James Reynolds
University of Utah - ACLIS
Academic Computing and Library Information Services
[EMAIL PROTECTED]
801-585-9811
