At 4:18 PM -0700 3/29/01, James Reynolds wrote:
>>At 2:53 PM -0700 3/29/01, James Reynolds wrote:
>>>Does anyone know of a perl webserver? I read in "Perl in a
>>>Nutshell" that it is possible. Has it been done?
>>>
>>>Why I ask:
>>>I am trying to make FileMaker Pro's Web Companion more secure by
>>>hijacking the login process with a perl script. (I could have
>>>purchased Lasso, but even it doesn't do what I want, which is have
>>>a timeout on "realms," WebSTAR nor Quid Pro Quo has a timeout
>>>either.)
>>
>>What are you trying to protect against? Snooping of passwords from
>>IP Packets? Then use https. Unsecure password selection?
>>Validate it in FileMaker Pro, instead of at the webserver
>>interface. Good passwords being used by bad people? You can only
>>do so much.
>>
>>You talk about wanting 'realms' to timeout. If, by that, you mean
>>you want passwords to expire - write a perl solution that changes
>>all FMPro passwords and schedule it with something. If you mean
>>you want connections to expire, at a brute force level you could
>>schedule a perl script to shut down the webserver and start it up
>>again.
>>
>>In other words, I don't believe that using a perl-based webserver
>>is the right hammer for the screw you are trying to drive. But
>>maybe I simply don't understand what you are asking.
>
>I wanted to protect against authorized users screwing up databases
>just in case they ever felt inclined to modify the form submissions
>or URL submissions. The databases are targeted for those who would
>know how to do this.
Oh. That's completely different. I really didn't understand your question.
You should do this with a CGI, instead of a perl based webserver.
You'll need a web server to run a CGI, but it doesn't have to be one
written in perl (and you'll probably be a lot happier without it).
Have the user enter the data into a form driven by the CGI, and then
validate the data inside the CGI, and have perl do the database
entries (through ODBC, or Mac::Glue if you have to).
There's a macperl-cgi list for any questions you might have with
writing CGIs or publishing them through a webserver.
-Jeff Lowrey
