Loading ...
Sorry, an error occurred while loading the content.

Web Service CGI authentication

Expand Messages
  • kvclarkusa
    I am writing a web service client that is a CGI (and is hosted on a shared unix web server) and the web service server requires a username and password for
    Message 1 of 3 , Mar 3, 2004
    • 0 Attachment
      I am writing a web service client that is a CGI (and is hosted on a
      shared unix web server) and the web service server requires a
      username and password for authentication.

      I do not want to put the username and password inside the actual cgi
      for security reasons, i.e. something like this is what I want to
      avoid:

      $username = "aaaa";
      $password = "123456";
      $result = ConnectToWebservice ($username,$password);

      What are the best practices from a security perspective to deal with
      this, i.e. do I store the username, password in another file, and if
      yes how would I set this up/reference it so it is secure, is there
      another way to handle, etc?

      Thank you,
    • Emanuel G Calso
      Why don t you just ask for the username or passwd everytime you run the script? ie: $username= ; $password= ; $result = ConnectToWebservice
      Message 2 of 3 , Mar 4, 2004
      • 0 Attachment
        Why don't you just ask for the username or passwd everytime you run the
        script? ie:
        $username=<STDIN>;
        $password=<STDIN>;
        $result = ConnectToWebservice ($username,$password);

        or maybe you could just store your username in your script and password in
        your database?
        $username="aaaa";
        $command="SELECT password FROM tbl_name WHERE username=$username";
        $password=$DBI->execute($command);
        $result = ConnectToWebservice ($username,$password);

        i'm sure there are other ways, hitherto that's the only way i know.

        HTH

        On Thursday 2004 March 04 00:18, kvclarkusa wrote:
        > I am writing a web service client that is a CGI (and is hosted on a
        > shared unix web server) and the web service server requires a
        > username and password for authentication.
        >
        > I do not want to put the username and password inside the actual cgi
        > for security reasons, i.e. something like this is what I want to
        > avoid:
        >
        > $username = "aaaa";
        > $password = "123456";
        > $result = ConnectToWebservice ($username,$password);
        >
        > What are the best practices from a security perspective to deal with
        > this, i.e. do I store the username, password in another file, and if
        > yes how would I set this up/reference it so it is secure, is there
        > another way to handle, etc?
        >
        > Thank you,
        --
        eman calso
        http://www.bloodpet.tk/
        I have learned
        To spell hors d'oeuvres
        Which still grates on
        Some people's n'oeuvres.
        -- Warren Knox
      • daymobrew@yahoo.com
        ... How about using basic authentication that the web server has built in. Here is some information about basic authentication in Apache:
        Message 3 of 3 , Mar 4, 2004
        • 0 Attachment
          --- In perl-beginner@yahoogroups.com, "kvclarkusa" <kvclarkusa@y...>
          wrote:
          > I am writing a web service client that is a CGI (and is hosted on a
          > shared unix web server) and the web service server requires a
          > username and password for authentication.
          >
          > I do not want to put the username and password inside the actual cgi
          > for security reasons, i.e. something like this is what I want to
          > avoid:
          >
          > $username = "aaaa";
          > $password = "123456";
          > $result = ConnectToWebservice ($username,$password);
          >
          > What are the best practices from a security perspective to deal with
          > this, i.e. do I store the username, password in another file, and if
          > yes how would I set this up/reference it so it is secure, is there
          > another way to handle, etc?
          >
          > Thank you,

          How about using basic authentication that the web server has built in.

          Here is some information about basic authentication in Apache:
          http://httpd.apache.org/docs/howto/auth.html#basic
        Your message has been successfully submitted and would be delivered to recipients shortly.