Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Oct 2005
    Posts
    49
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Web site security?

    I'm currently building a website that has several html pages and several c++ cgi scripts providing a means through which the client can interact with an underlying mysql database.

    It starts with a login page, in which the user enters a username and password. This information is then transmitted to the cgi script, which queries the db and if the information is valid it brings the user to another html page, which is also capable of interacting with the db.

    My question is this: Right now, I can't prevent someone from simply bypassing the login page and going straight to the other html pages, leaving my db vulnerable to illegitimate users. How do I make it so a user absolutely has to provide a valid username and password in the login page in order to get to the other html pages?

  • #2
    Senior Coder
    Join Date
    Jun 2002
    Location
    The Netherlands, Baarn, Ut.
    Posts
    4,252
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Session

    You will need to implement some sort of session mechanism: every page will need to check if a valid session has been started and the user requesting that page has successfully logged in. If not, the page needs to be blocked, show the login dialog or redirect the user to the login page (whichever is appropriate).

    A server side scripting language like PHP has built-in session management; I'm sure other languages have similar facilities as well.
    Regards,
    Ronald.
    ronaldvanderwijden.com


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •