Gossamer Forum
Home : Products : Links 2.0 : Discussions :

Pop Image

(Page 2 of 2)
> >
Quote Reply
Re: Pop Image In reply to
Here's what I get....
Software error:
[Sat Jan 22 18:54:25 2000] upgrade.cgi: Can't find string terminator '"' anywhere before EOF at /mypath/here/cgi-local/links/admin/links.def line 86.

------------------
BruceS
Quote Reply
Re: Pop Image In reply to
Cancel that one I found it. I used a double quote (")for the format field instead of two quotes (' ')!

Now I get no file error, which means I better check the paths! huh! Smile

Thanks

------------------
BruceS

[This message has been edited by BruceS (edited January 22, 2000).]

[This message has been edited by BruceS (edited January 22, 2000).]
Quote Reply
Re: Pop Image In reply to
The require lines use double quotes...The problem is associated with wrong paths to those two files.

Also, make sure as I stated before that you change /path/to/ to the FULL ABSOLUTE PATH where your database files are located!

All your data files should be 666 (rw-rw-rw-), NOT 777. The directory where the data files are located should be 777 (rwxrwxrwx).

Hope this makes sense!

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
http://www.anthrotech.com
Be sure to visit the Resource Center for FAQ's, Modifications and Extra Goodies!!
----------------------





Quote Reply
Re: Pop Image In reply to
Thanks for the hand holding......

Database is upgraded with password field has been added and tested!

Smile Smile Smile

Next?

------------------
BruceS
Quote Reply
Re: Pop Image In reply to
Good for you.

Wink

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
http://www.anthrotech.com
Be sure to visit the Resource Center for FAQ's, Modifications and Extra Goodies!!
----------------------





Quote Reply
Re: Pop Image In reply to
Just to clarify above....
Where I made the mistake was using " instead of ' ' in the links.def not the upgrade.cgi


------------------
BruceS
Quote Reply
Re: Pop Image In reply to
 
Quote:
posted January 22, 2000 03:11 PM PST If you are putting your database file in a .htaccess protected directory, then you can leave the password in plain text.
If not, then we will have to figure out something that will allow users to input a password, have it stored in an encrypted form, and then have people be able to receive the actual plain text password via email.

The encryption part is not hard, but sending the password in plain text from an encrypted format is the hard part.

The easiest thing to do is put your links.db file in a password protected directory and leave the password in plain text.

I had forgotten this, and went ahead and added type="password" to the Password input form in both the modify_first and modify templates that I am developing. They both worked without a hitch. The forms show the Password as ***** but database was updated in plain text.

I changed the password successfully as well.

Then I tested the password.cgi to email the forgotten password, and it came through in plain text as well.

So, since that works, my question is, are there any cross-browser issues, or anything I am overlooking that might affect this?

------------------
BruceS
Quote Reply
Re: Pop Image In reply to
I think you have it figured out. Point of clarification...using the password field does not encrypt the password...that has to be done via Perl or C++. I would recommend not using the password input type field for the password...so that people can type in exactly what they want without seeing the asteriks.

To clarify my point about password protection...if you are NOT keeping the links.db file in a password protected directory, then the best thing to do is use a password generation add-on that will automatically generate a password field and store it in an encrypted manner. As I mentioned the trick would be to unencrypt the password before sending the password, so that it is in plain text.

BUT if you have the links.db file in a password protected directory on your server, then you don't have anything to worry about.

I REALLY hope this makes sense!

Smile

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
* Be sure to visit the Resource Center for FAQ's, Modifications and Extra Goodies!!
* Search Forums!
* Say NO to Duplicate Threads. :)
----------------------







Quote Reply
Re: Pop Image In reply to
I think it makes total sense, and I have htaccessed the data directory as a matter of general protocol.

I am sensing that the issue of whether the user sees astericks or their password letters I guess is a matter of taste and perhaps a bit of illusion for the average user.

I somehow feel a bit safer when submitting a password if it shows up as astericks. call me silly.

Since we are offering them the ability to retrieve the password by email in plaintext along with their other info via the password.cgi, I think it should be fine, don't you?

As much as I have made about security through this issue, It is not like we are passing around secure Gov't info here. The system appears to offer enough safeguards for its purpose, I believe!

------------------
BruceS

[This message has been edited by BruceS (edited January 23, 2000).]
Quote Reply
Re: Pop Image In reply to
okay..silly.

Smile

Sounds like you got things covered.

Good job!

Smile

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
* Be sure to visit the Resource Center for FAQ's, Modifications and Extra Goodies!!
* Search Forums!
* Say NO to Duplicate Threads. :)
----------------------







> >