In anticipation, thank you.
Q: How secure is this cookie
Background:
I have a hosting reseller account with Heart Internet in England. There are 43 customers. Four years ago I made account history pages for each customer covered with a simple login page (1) that calls off this cgi (2) and each account page includes this cookie (3). More web customers are coming on board and account pages include fairly sensitive information and I now wonder how secure is this arrangement.
Is it secure?
Would you recommend a different login arrangement?
Thank you!
(says Richard)
1) login.php includes this form:
Code:
<form id="ID" action="destinationURL/cgi-bin/login.cgi" method="post" name="theForm">
Account reference <input name="password" title="login" onfocus="formInUse = true;">
<input type="submit" value="login">
</form>
</div>
2) login.cgi
Code:
#!/usr/bin/perl
use strict;
use CGI::Cookie;
use CGI qw(:standard);

# Map each account reference (submitted as "password") to that customer's page.
my %urlList = (
    "password1" => "destinationURL/account-page.php",
    "password2" => "destinationURL/another-account-page.php",
    "password3" => "destinationURL/another-account-page.php",
    "end"       => "",
);
my $invalidurl = "destinationURL/404.php";
my $password   = param('password');
my $q          = new CGI;

if (exists($urlList{$password})) {
    # Known reference: set the marker cookie and redirect to the account page.
    my $validurl = $urlList{$password};
    my $cookie   = $q->cookie(-name => "validpassword", -value => "0", -path => "/");
    print $q->redirect(-url => $validurl, -cookie => $cookie);
}
else {
    # Unknown reference: redirect to the 404 page.
    print $q->redirect(-url => $invalidurl);
}
3) account-page.php
Code:
<script type="text/javascript">
<!--
// Return the value of the named cookie, or false if it is not set.
function getCookieValue (cookieName) {
    var exp = new RegExp (cookieName + "=([^;]+)");
    if (exp.test (document.cookie + ";")) {
        exp.exec (document.cookie + ";");
        return unescape(RegExp.$1);
    }
    else return false;
}

var invalidpassword = "destinationURL/404.php";

if (!getCookieValue ("validpassword")) {
    // No "validpassword" cookie: send the browser to the 404 page.
    location.replace (invalidpassword);
}
else {
    // A "password" cookie with a value other than "0" is treated as a URL to go to.
    var myCookie = getCookieValue ("password");
    if (myCookie != "0") {location.replace (myCookie);}
}
//-->
</script>
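
The check in account-page.php runs in the visitor's browser and the cookie always carries the value "0", so the server itself never verifies who is requesting a page. As an added example (not part of the original post), here is one server-side alternative in PHP: the login handler issues an HMAC-signed, expiring token that names the account, and each account page verifies it before sending any content. The function names, account labels, secret and lifetime are assumptions made for illustration.

```php
<?php
// Added example with constructed names and values, not code from the original post.
// The secret is a placeholder: generate a random one and keep it outside the web root.
const COOKIE_SECRET = 'replace-with-a-long-random-secret';
const COOKIE_TTL    = 1800; // seconds a login stays valid (assumed value)

// Called by the login handler once the account reference has been checked.
// $account is a server-chosen label and must not contain "|".
function issue_token(string $account, int $now): string
{
    $payload = $account . '|' . ($now + COOKIE_TTL);
    return base64_encode($payload) . '.' . hash_hmac('sha256', $payload, COOKIE_SECRET);
}

// Returns the account the token was issued for, or null when the token is
// missing, malformed, tampered with, or expired.
function verify_token(?string $token, int $now): ?string
{
    if ($token === null || substr_count($token, '.') !== 1) {
        return null;
    }
    [$b64, $mac] = explode('.', $token);
    $payload = base64_decode($b64, true);
    // hash_equals() compares in constant time.
    if ($payload === false || !hash_equals(hash_hmac('sha256', $payload, COOKIE_SECRET), $mac)) {
        return null;
    }
    $parts = explode('|', $payload);
    if (count($parts) !== 2 || !ctype_digit($parts[1])) {
        return null;
    }
    return ((int) $parts[1] >= $now) ? $parts[0] : null;
}

// Guard for one account page: the page states which account it belongs to.
function may_view(string $pageAccount, ?string $cookie, int $now): bool
{
    $account = verify_token($cookie, $now);
    return $account !== null && hash_equals($pageAccount, $account);
}

// Constructed demonstration: one valid login, checked in four situations.
$now   = 1700000000;
$token = issue_token('customer-17', $now);
$cases = [
    'own page'                => may_view('customer-17', $token, $now),
    "another customer's page" => may_view('customer-18', $token, $now),
    'constant value "0"'      => may_view('customer-17', '0', $now),
    'after expiry'            => may_view('customer-17', $token, $now + COOKIE_TTL + 1),
];
foreach ($cases as $label => $ok) {
    echo $label, ': ', $ok ? 'allowed' : 'refused', "\n";
}
```

On a real account page, call may_view() with the cookie value from $_COOKIE and time() before any output, and answer with a 403 when it returns false. Send the cookie over HTTPS with the Secure and HttpOnly flags set.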