• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 160
  • Last Modified:

Security

Hi,

I created a webpage(Say Page A) asking the userId and Password,after the user entering the ID,password i am sending to the CGI program in a server,there i am checking .If the UserID and Password  is correct i am allowing to access another page(Say page B)

Suppose if the users knows the page B 's URL ,he can directly type the URL of Page B and he will enter in to the page B.Then what is the security ?then why we need the first page(Page A)UserID and Password.How i will protect the user directly entering in to the particular page instead of entering in to the UserId and Password page.please Help Me.
0
senthil_krn
Asked:
senthil_krn
1 Solution
 
Christian_WenzCommented:
you can try setting a cookie if the user enters the correct username/password combination, and make page B require this cookie.
However, why don't you just password-protect page B using htaccess?
0
 
mouattsCommented:
An alternative way is to check the environment variable HTTP_REFERER when a request for page B is made if this is anything other than page a then it indicates that access was not via the proper route.

Tied in with this is that the CGI can output the page which if you want stored as a normal html page can be stored in a location that the CGI can get to but the webserver can't.

There are a few other methods but when you start taking control of the security of a site, rather than leaving it to htaccess et al, you will soon find that you will need to generate all pages.

HTH
Steve
0
 
ozoCommented:
@
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
senthil_krnAuthor Commented:
Sorry i am new to this Concept can u give a code.
0
 
Christian_WenzCommented:
what kind of web server are you currently using? do you have cgi access?
0
 
senthil_krnAuthor Commented:
I am Using a NetscapeServer (Webserver version 3.6) and i am having cgi access.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now