I am also working on a project that requires passing a password via the web, and obviously did not want to do so URL encoded with GET. My suggestions:
A. Use CGI.pm's param() method to get your form data. I second Carl's question as to why you would manually parse the form data when you can get all of the form data into a hash by simply doing

    use CGI;
    my $query = new CGI;
    my %formvalues = $query->Vars;

B. The way I went about the password issue without using GET, or even a POST with hidden fields (better but still not ideal), is to use CGI::Session to generate a unique session ID once the username and password are authenticated. Now I use the session ID in hidden fields where I can, URL encoded using GET where I have to, but the username and password are not being passed around insecurely. The CGI::Session docs are pretty decent on the examples, so you shouldn't have much trouble with it. You can also use the generated session ID as a cookie and fake statefulness that way.

Your solution may require more effort because you are using a telnet session and authenticating that way, where I'm just authenticating against either .htaccess files or MySQL columns, so you've got another link in the chain there. But then again telnet passes username/password in plain ascii, so we're back to the security issue on that end of it. Have you considered initiating an SSH session rather than a telnet session? Just a thought...

Scot R.
inSite

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Carl Jolley
Sent: Saturday, June 14, 2003 7:29 PM
To: ashish srivastava
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Help needed -- Net::telnet gives errors

On Sat, 14 Jun 2003, ashish srivastava wrote:

> Hi Ibrahim
> Thanks for ur help !
> I am able to connect to the UNIX server using Prompt=>'/[\w]$-/' (the login
> being the user id with which the person has logged in eg. "tom-" ). But 1
> more prob.
> i have an application in which this perl script is being called by an HTML
> form (the usual Login screen ) and the login pwd is passed to the perl
> script
>
> This is my code for the HTML form
> ======================
> <html>
> <head>
> <title>Login Screen</title>
> </head>
> <body>
> <H1><center><U> User Log in Screen </U></H1></center>
> <br><br><hr>
> <form name="usrlogin"
> action="/cgi-bin/telp.pl" method="GET" >
> <center>
> User id :     
> <input type="text" name="fname" > <br>
> Password :
> <input type="password" name="fpwd" > <br><br>
> <input type="reset" Value="Reset" >    <input type="submit"
> Value="Submit" ><hr>
> </ center>
> </form>
>
> </body>
> </html>
>
> And this is the Perl code
> ================
>
> use CGI;
> use CGI::Carp qw(fatalsToBrowser);
> use Net::Telnet();
> print "Content-type:text/html\n\n";
> read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
> @pairs = split(/&/,$buffer);
> print " @pairs \n";
> $j=0;
> foreach $pair (@pairs) {
> ($name, $value) = split(/=/, $pair);
> $value =~ tr/+/ /;
> #($dummy,$name)= split(/?/,$name);
> $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
> $FORM{$name} = $value;
> $info[$j]= $value;
> $j++;
> }
>
>
> $t = new Net::Telnet (Timeout => 10, Prompt
> =>'/xxxx-/i',input_log=>'D:\server\logs\inputlog.txt');
> $t->open("xxx.xxxx.xxx.xxx") or die "Server not found \n";
> $t->login($usr, $pwd);
> @lines = $t->cmd("ls -l");
> foreach $temp(@lines)
> {
> print "<a href = \"cgi-bin/change_dir.pl\">$temp</a><br>";
> }
>
> ==> The problem is that when i click submit in the login screen, it doesn't
> pass the usrname and pswd to the perl prog. I don't understand why this is
> happening.
> Please help.
>

It's because you said the method was GET but you tried to retrieve the value from the form as though the method was POST. When the method is GET the form values are passed via the $ENV{QUERY_STRING}.
I strongly suggest that the GET method NOT be used when you are passing a password unless you only want to keep the password secret from those who don't know how to view/source on an HTML page. Also why are you "hand-parsing" the form input anyway when the CGI module has already done it for you?

**** [EMAIL PROTECTED] <Carl Jolley>
**** All opinions are my own and not necessarily those of my employer ****

_______________________________________________
Perl-Win32-Users mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
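
The approach discussed in this thread (CGI.pm's param() for the form fields, POST rather than GET for the password, and a CGI::Session ID handed out once the login is authenticated), as an added example that is not code from any of the posters. check_credentials(), the demo account and the session directory are hypothetical, and the Secure cookie flag assumes the script is served over HTTPS.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. check_credentials(), the demo
# account and the session directory are hypothetical, constructed values.
use strict;
use warnings;
use CGI;
use CGI::Session;
use File::Spec;

my $q     = CGI->new;
my @store = ('driver:file', $q, { Directory => File::Spec->tmpdir });

# Hypothetical check; stands in for .htaccess, MySQL or a remote login.
sub check_credentials {
    my ($user, $pass) = @_;
    my %demo = (tom => 'constructed-demo-password');
    return defined $user && defined $pass
        && exists $demo{$user} && $demo{$user} eq $pass;
}

if (($q->request_method || '') eq 'POST') {
    # param() decodes the POST body, so the password never appears in a URL.
    my ($user, $pass) = (scalar $q->param('fname'), scalar $q->param('fpwd'));
    unless (check_credentials($user, $pass)) {
        print $q->header(-status => '403 Forbidden'), 'Login failed';
        exit;
    }
    # Discard any session the browser arrived with so login gets a fresh ID.
    my $old = CGI::Session->load(@store);
    if ($old && !$old->is_empty) { $old->delete; $old->flush }

    my $session = CGI::Session->new(@store) or die CGI::Session->errstr;
    $session->param(user => $user);   # the password itself is never stored
    $session->expire('+30m');
    $session->flush;
    my $cookie = $q->cookie(-name => $session->name, -value => $session->id,
                            -httponly => 1, -secure => 1);  # assumes HTTPS
    print $q->header(-cookie => $cookie), 'Logged in as ', $q->escapeHTML($user);
}
else {
    # Later requests carry only the session ID cookie, not the credentials.
    my $session = CGI::Session->load(@store);
    my $user = ($session && !$session->is_empty) ? $session->param('user') : undef;
    if (defined $user) {
        print $q->header, 'Welcome back, ', $q->escapeHTML($user);
    }
    else {
        print $q->header, '<form method="POST">User id: <input name="fname"> ',
              'Password: <input type="password" name="fpwd"> ',
              '<input type="submit" value="Submit"></form>';
    }
}
```

POST keeps the password out of URLs, browser history and server access logs, but it still crosses the wire in clear text unless the form is served over HTTPS.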