Security & Convenience
Posted on 1999-07-14
I am creating a web interface to a database, which I want to add user level access. Im using Xitami web server for windows.
I have a login html form which gets a username and password. My cgi prog. (written in MS visual Basic 5.0) takes these and checks they match an entry in my users database (MS Access). If they do match, my cgi prog. creates a welcome page.
The welcome page has further forms. I want to be sure that people can't link directly to the cgi progs that create the later pages without loggiing in.
Currently I am making the login cgi output the username and password (hidden) so they can be re-submitted to go on to further pages, but this is a pain.
I would be very grateful if anyone has any ideas on other solutions to this problem that have reasonable security.
Thanks in advance
PS how does this experts exchange web site let me link without having to re-enter my login? is it using cookies that allows this?