Solved

Cookies and passwords

Posted on 1998-07-14
Last Modified: 2012-05-04
How can I use standalone CGIs to access a website? I read that it can be done with cookies, but I couldn't understand the idea and I didn't find the way to send and retrieve cookies with my CGI. I'm working with Delphi C/S without any third-party tool.
Question by:speaker
12 Comments
 
LVL 4

Expert Comment

by:d003303
ID: 1357883
Yo,
to set cookies you have to include an additional header entry in the reply. This entry is
Set-cookie: <name>=<value>
where name is the name of the variable in the cookie, value its value. You may set several cookies at a time.

The browser now sends back the cookie(s) at all following requests to the site that set the cookie. You can get the values from your CGI environment.

Slash/d003303
0
 
LVL 4

Expert Comment

by:d003303
ID: 1357884
Hum, any comment about the rejection ?

Slash/d003303
0
 

Author Comment

by:speaker
ID: 1357885
Sorry, Slash/d003303. I do not want to reject the answer, I am just understanding the way of doing things within EE. The problem is that I am just a beginner with CGIs and your answer cannot help me. I have a lot of questions. How can I read a password and encrypt it in some way from the client to my CGI and then send a cookie? How can I send that cookie? How can I read that cookie in each page for testing that the password is correct?
Again d003303, I don't want to reject your answer but I couldn't accept it, I need a little more. Sorry again,

Speaker
0
 
LVL 4

Expert Comment

by:d003303
ID: 1357886
No prob. It's just if you don't comment why you reject, it is hardly possible to help you further. Anyway, first thing to know is if you are using Delphi c/s 3 ? In version 3 there is native CGI, ISAPI and NSAPI support. In all versions below 3.0 you will have to do CGI handling "by hand".

Slash/d003303
0
 

Author Comment

by:speaker
ID: 1357887
I am using Delphi 3.0 Client/Server version.
0
 

Author Comment

by:speaker
ID: 1357888
Adjusted points to 98
0
 
LVL 4

Expert Comment

by:d003303
ID: 1357889
OK, first a few basic things. HTTP is a loosely coupled protocol, i.e. for one request you get one reply, that's it. The HTTP server does not carry any context to the client. For authorizations, you need a context. There are several possibilities to achieve this.
The first one is server-authorization (like here at EE). You are prompted for a user/password, and the browser sends this authorization in every request to that server.
The second one is to keep a program running that handles the client contexts. You log in through a web page and start a CGI. The CGI contacts the context app to verify the login, gets back a session handle and stores this handle in a cookie on the client. On all subsequent calls, this cookie is read by the CGI and transferred to the context app which processes the request.
The second possibility has a lot of advantages, but it is much more difficult to code. You can track the state of the user because you have access to the opened sessions identified by the cookie. So you will not have to store the state in hidden form fields etc. You can time out a connection after a certain period of time. In general, you can set a web frontend onto any tightly coupled or context-dependent protocol.

Now, what do you need then ?

Slash/d003303
0
 

Author Comment

by:speaker
ID: 1357890
Well, the second option is what fits best with my objectives.
I am thinking of using a table with user/password data.
The user has to log in on a page and then submit the user/pw entries.
How can I encrypt the pw from the client to the server the first time he logs in to the page in that session?
The session handle is something that I create with some meaning for me or what is it?

0
 
LVL 4

Expert Comment

by:d003303
ID: 1357891
Encrypting the password in a safe way can only be done via a Java applet or an ActiveX control. If you use a JavaScript function, you could use encryption based on a public key.
A session handle is a unique identifier to a session. You could create new handles by e.g. incrementing a number, random numbers with a check over existing session handles etc.
For safety reasons it would be necessary to change the session handle after each request. Otherwise some hacker could easily hook into a running session without logging in.

Questions?
0
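The cookie-based session flow described in the two answers above (context app, random session handle, handle changed after each request, idle timeout), as an added example that is not part of the original thread. It is written in Python rather than Delphi, and the cookie name, timeout value and class and function names are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 900       # seconds; assumed value
COOKIE_NAME = "session"  # assumed cookie name


class SessionStore:
    """Stands in for the long-running 'context app' that owns session state."""

    def __init__(self):
        self._sessions = {}  # handle -> {"user": ..., "last_seen": ...}

    def _new_handle(self):
        # Random handle, re-drawn if it collides with a live session.
        while True:
            handle = secrets.token_hex(16)
            if handle not in self._sessions:
                return handle

    def login(self, user, now=None):
        handle = self._new_handle()
        seen = time.time() if now is None else now
        self._sessions[handle] = {"user": user, "last_seen": seen}
        return handle

    def touch(self, handle, now=None):
        """Validate a handle; on success rotate it and return (user, new_handle)."""
        now = time.time() if now is None else now
        state = self._sessions.pop(handle, None)  # the old handle dies either way
        if state is None or now - state["last_seen"] > IDLE_TIMEOUT:
            return None, None
        state["last_seen"] = now
        new_handle = self._new_handle()
        self._sessions[new_handle] = state
        return state["user"], new_handle


def set_cookie_header(handle):
    # Header line the CGI writes before the blank line that ends the headers.
    return f"Set-Cookie: {COOKIE_NAME}={handle}; Path=/; HttpOnly"


def handle_from_environ(environ):
    # A CGI receives the browser's Cookie header in the HTTP_COOKIE variable.
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    morsel = cookie.get(COOKIE_NAME)
    return morsel.value if morsel is not None else None
```

On each request the CGI calls `handle_from_environ(os.environ)`, passes the result to `touch`, and sends the returned handle back with `set_cookie_header`; a `(None, None)` result means the user has to log in again.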
 

Author Comment

by:speaker
ID: 1357892
Two more questions:
1) Can the JavaScript code be hidden inside my HTML code?
and finally:
2) How can I accept your answer?

Thank you!!!!
Speaker
0
 
LVL 4

Accepted Solution

by:
d003303 earned 360 total points
ID: 1357893
1) No, the only possibility is to put the code into an external .js file. But the location of this file is seen in the HTML source, and so anybody could download it by knowing its location.
But encryption based on public keys (like PGP) does not rely on hiding anything on the client side, that's the good thing! If one knows the algorithm AND the public key, he cannot decrypt anything. For decryption you need the private key, which resides on the server. This key can be well protected in code/resources/secured files/secured registry keys.
2) Now you can ;-)

Slash/d003303
0
 

Author Comment

by:speaker
ID: 1357894
Now yes, you answered my question and more. Thank you for your help!!
Speaker
0

Question has a verified solution.
