jakbo
04-02-2007, 06:39 PM
I'm currently building a website that has several html pages and several c++ cgi scripts providing a means through which the client can interact with an underlying mysql database.
It starts with a login page, in which the user enters a username and password. This information is then transmitted to the cgi script, which queries the db and if the information is valid it brings the user to another html page, which is also capable of interacting with the db.
My question is this: Right now, I can't prevent someone from simply bypassing the login page and going straight to the other html pages, leaving my db vulnerable to illegitimate users. How do I make it so a user absolutely has to provide a valid username and password in the login page in order to get to the other html pages?
It starts with a login page, in which the user enters a username and password. This information is then transmitted to the cgi script, which queries the db and if the information is valid it brings the user to another html page, which is also capable of interacting with the db.
My question is this: Right now, I can't prevent someone from simply bypassing the login page and going straight to the other html pages, leaving my db vulnerable to illegitimate users. How do I make it so a user absolutely has to provide a valid username and password in the login page in order to get to the other html pages?