Aug 4, 2005, 7:01 PM
Post #9 of 10
On Aug 4, 2005, at 11:42 AM, Jürgen Peters wrote:
> On Thu, 4 Aug 2005 18:14:14 +0300, Vlad Bazon wrote
>> On the other hand, in order to avoid to <manually> modify the data of
>> another user - a solution could be the (banal) extension of the
>> controller code with:
>> [code that relies on checking for GET calls vs username/password]
>> Am I wrong?
> yes, you are. many users are able to save and edit the html page to fake a
> POST request. and that's just the trivial way. being a programmer, i
> always write a perlscript which pretends to be a browser doing a
> POST request.
> and that's not hard to do either, even for script kiddies.
> just use serious authentication which requires some hard guessable
> from the user. everything else is rubbish.
Succinctly, albeit indelicately, put. :>
Vlad, Jürgen is right on the money. If you want to do
authentication, ask the user for a username and password, then check
this information against the database. Anything less than that is
For detailed directions on how to do this, look here: http://
It provides a discussion, further pointers, and a complete (tested)
Login.pm for you.
Also, could you please bottom-post (or, best of all, intermix) future
replies? It makes it easier to follow the conversation.
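
An added illustration of the point made in this message, not code from the thread or from the Login.pm it mentions: a gate that only looks at the request method accepts any hand-built POST, while a check of username and password against stored credentials, followed by an ownership check, does not. The user table, the request hashes and all function names are constructed for the example.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);

# PBKDF2-HMAC-SHA256, single 32-byte block, using core modules only.
sub pbkdf2 {
    my ($password, $salt, $rounds) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $password);
    my $t = $u;
    $t ^= ($u = hmac_sha256($u, $password)) for 2 .. $rounds;
    return $t;
}

# Compare two byte strings without stopping at the first difference.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Constructed stand-in for the users table: per-user salt and derived key.
my $ROUNDS = 10_000;
my %users;
for my $row (['alice', 'salt-a', 'correct horse'], ['bob', 'salt-b', 'battery staple']) {
    my ($name, $salt, $pw) = @$row;
    $users{$name} = { salt => $salt, key => pbkdf2($pw, $salt, $ROUNDS) };
}

# Gate of the kind proposed in the thread: trusts the method the client chose.
sub may_update_weak { my ($req) = @_; return $req->{method} eq 'POST' }

# Credential check against the store, then an ownership check on the record.
sub may_update {
    my ($req) = @_;
    my $rec = $users{ $req->{username} // '' } or return 0;
    my $got = pbkdf2($req->{password} // '', $rec->{salt}, $ROUNDS);
    return ct_eq($got, $rec->{key}) && $req->{target} eq $req->{username};
}

# Constructed requests: a POST with no credentials, then two real logins.
for my $r (
    { method => 'POST', target => 'bob' },
    { method => 'POST', target => 'bob', username => 'alice', password => 'correct horse' },
    { method => 'POST', target => 'bob', username => 'bob',   password => 'battery staple' },
) {
    printf "%-6s -> %-3s weak=%d checked=%d\n", $r->{username} // '(none)',
        $r->{target}, may_update_weak($r) ? 1 : 0, may_update($r) ? 1 : 0;
}
```

A deployed application would keep the credential store in the database and use a maintained password-hashing module rather than the hand-rolled PBKDF2 shown here.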