• Status: Solved
• Priority: Medium
• Security: Public

Security & Convenience

I am creating a web interface to a database, to which I want to add user-level access. I'm using Xitami web server for Windows.

I have a login HTML form which gets a username and password. My CGI prog. (written in MS Visual Basic 5.0) takes these and checks they match an entry in my users database (MS Access). If they do match, my CGI prog. creates a welcome page.

The welcome page has further forms. I want to be sure that people can't link directly to the CGI progs that create the later pages without logging in.

Currently I am making the login cgi output the username and password (hidden) so they can be re-submitted to go on to further pages, but this is a pain.

I would be very grateful if anyone has any ideas on other solutions to this problem that have reasonable security.

Thanks in advance

PS: How does this Experts Exchange web site let me link without having to re-enter my login? Is it using cookies that allows this?
1 Solution
Last question first. Yep, a cookie is being used for EE.

The only solution that you have to your problem is that you need to have a bit of information sent with every request from the client or stored locally. I don't know your web server, so I'm not sure what features are available; certainly some, like IIS, allow variables to be stored for each session, so you can track whatever you like for a user, including that they have logged in. However, the way that the sessions are established is by the creation of a cookie, so we are back to square one again.

Apart from a cookie and hidden fields this is the limit to your options (unless you fancy writing servlets).
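
The cookie-based session described in the answer above, as an added sketch that is not part of the original answer and is written in Python rather than the asker's Visual Basic CGI. The login program hands out a random token instead of echoing the username and password, and every later program checks that token. The cookie name `sid`, the `SESSIONS` store, `SESSION_TTL` and the function names are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

SESSION_TTL = 1800  # assumed idle timeout in seconds
# Stand-in store: token -> (username, expiry). Each CGI request is a new
# process, so a real deployment keeps this table in the database instead.
SESSIONS = {}

def login(username, password, check_credentials, now=None):
    """Login CGI: on success return a Set-Cookie header value, else None."""
    if not check_credentials(username, password):
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable, carries no credentials
    SESSIONS[token] = (username, now + SESSION_TTL)
    cookie = SimpleCookie()
    cookie["sid"] = token
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True  # hide the token from page scripts
    # Also set cookie["sid"]["secure"] = True when the site is served over HTTPS.
    return cookie["sid"].OutputString()

def current_user(http_cookie, now=None):
    """Later CGIs: pass os.environ.get("HTTP_COOKIE"); None means go to login."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    try:
        jar.load(http_cookie or "")
    except CookieError:
        return None
    morsel = jar.get("sid")
    entry = SESSIONS.get(morsel.value) if morsel is not None else None
    if entry is None:
        return None  # no cookie, or a token the server never issued
    username, expiry = entry
    if now > expiry:
        del SESSIONS[morsel.value]  # expired: force a fresh login
        return None
    SESSIONS[morsel.value] = (username, now + SESSION_TTL)  # sliding expiry
    return username

def logout(http_cookie):
    """Logout CGI: forget the token server-side so the cookie becomes useless."""
    if current_user(http_cookie) is not None:
        jar = SimpleCookie()
        jar.load(http_cookie)
        SESSIONS.pop(jar["sid"].value, None)
```

Each page-generating program calls `current_user` first and emits the login form when it returns `None`, which is what stops direct links to the later pages.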
