View Full Version : Web site security?

04-02-2007, 07:39 PM
I'm currently building a website that has several html pages and several c++ cgi scripts providing a means through which the client can interact with an underlying mysql database.

It starts with a login page, in which the user enters a username and password. This information is then transmitted to the cgi script, which queries the db and if the information is valid it brings the user to another html page, which is also capable of interacting with the db.

My question is this: Right now, I can't prevent someone from simply bypassing the login page and going straight to the other html pages, leaving my db vulnerable to illegitimate users. How do I make it so a user absolutely has to provide a valid username and password in the login page in order to get to the other html pages?

04-03-2007, 11:37 AM
You will need to implement some sort of session mechanism: every page will need to check if a valid session has been started and the user requesting that page has successfully logged in. If not, the page needs to be blocked, show the login dialog or redirect the user to the login page (whichever is appropriate).

A server side scripting language like PHP has built-in session management; I'm sure other languages have similar facilities as well.