Perl Programming Language
How to verify a username and password?
Please help me. I hold an old version of discussion board written in Perl. Recently, a guy from China violently spams my discussion board to cause it even malfunctioned. The only thing I can do is set up a Username/Password verifying procedure to stop this Chinese from spamming. I am an ordinary girl who knows nothing about this.

My intention is to add two columns, "username" and "password". When Visitor post a message, the perl script verify the combination first. Only the one with the right combination can successfully post it. And I intend to get every friends of mine different set of combination.

I roughly know that the process could be first define a password file:

    $passwd_file = "path/to/my_password_file";

Then get the variable,

    &check_passwd;

Then define the variable. But I just don't know how to make it happen. Can anybody PLEASE help me so that I can stop this guy from paralyzing my discussion board. T_T

By the way, there is a short script in my Perl file to keep track of every article:

    $tolog = "Post $num|";
    $tolog .= "$ENV{'REMOTE_ADDR'}|"; ### IP
    $tolog .= "$date";
    $tolog .= "\n";
    open(LOG,">>$testfile");
    print LOG $tolog;
    close(LOG);

After I put on the password verifying process, how to also record the "username" information of every article? Thanks. Whoever you are who help me out, you are a life savior.
...
> I hold an old version of discussion board written in Perl.
> Recently, a guy from China violently spams my discussion board to
> cause it even malfunctioned.
> The only thing I can do is set up a Username/Password verifying
> procedure to stop this Chinese from spamming. I am an ordinary girl
> who knows nothing about this.
> My intention is to add two columns, "username" and "password". When
> Visitor post a message, the perl script verify the combination first.
> Only the one with the right combination can successfully post it. And I
> intend to get every friends of mine different set of combination.
One place to start is:

    perldoc -f crypt

which will provide the capability to store encrypted passwords so that if your system is compromised to the point where someone gets the password file, they still won't be able to determine the passwords of your users. You would start by defining a password for your friends and storing the crypt'ed version of it in a file. Then let your friends know the password, and arrange the software so they have to change the password the first time through. You should arrange a couple of simple checks so your friends can't use easily-cracked passwords like '' or 'a' or 'abcde', etc -- if their passwords are easily cracked, you are no better off than you were before.

Depending upon your software, you may need to lock access to the password file so multiple instances of your program can't access it simultaneously, at least not when one or more instances need to write to it. See:

    perldoc -q lock

Regarding the type of file to use: If you have only a few users, you can probably get away with a plain text file of a form such as:

    userID encodedpassword

If you have lots of users, you should consider a DBM-type file tied to a Perl hash. See:

    perldoc DB_File

(you might need to download the DB_File module first).

Note that userID and password administration can be a chore -- users will forget their userID's and/or passwords, etc.

Question: Is your discussion board web-based, or something else?
> I roughly know that the process could be first define a password file:
> $passwd_file = "path/to/my_password_file";
> Then get the variable,
> &check_passwd;
> Then define the variable. but I just don't know how to make it happen.
> Can anybody PLEASE help me so that I can stop this guy from paralyzing
> my discussion board. T_T
> By the way, there is a short script in my Perl file to keep track of
> every article:
> $tolog = "Post $num|";
> $tolog .= "$ENV{'REMOTE_ADDR'}|"; ### IP
> $tolog .= "$date";
> $tolog .= "\n";
> open(LOG,">>$testfile");
> print LOG $tolog;
> close(LOG);
> After I put on the password verifying process, how to also record the
> "username" information of every article?
Looks to me like a simple addition of:

    $tolog .= "$userID|";

at an appropriate place should do it, assuming variable $userID holds the user's userID.

--
Bob Walton
Email: http://bwalton.com/cgi-bin/emailbob.pl
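
An added example, not part of the original thread or of WWWBoard's code: the check described in the reply above, using crypt() against a "userID encodedpassword" file and returning a userID that is safe to write into the "|"-separated log. The sub names other than check_passwd, the sample user, and the "$6$" salt prefix (which assumes a glibc-style crypt(3) with SHA-512 support) are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hash a new password. Assumption: the system crypt(3) accepts the "$6$"
# (SHA-512) salt prefix, as glibc does. A bare two-character salt selects
# the old DES scheme, which ignores everything past 8 characters.
sub hash_password {
    my ($plain) = @_;
    my @set = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');
    # rand() is not a cryptographic RNG; acceptable for this demo only.
    my $salt = join '', map { $set[rand @set] } 1 .. 16;
    return crypt($plain, '$6$' . $salt . '$');
}

# Parse "userID encodedpassword" lines into a hash reference.
sub load_users {
    my ($fh) = @_;
    my %users;
    while (my $line = <$fh>) {
        my ($id, $hash) = split ' ', $line;
        $users{$id} = $hash if defined $hash;
    }
    return \%users;
}

# Return the userID when the pair is valid, otherwise nothing.
sub check_passwd {
    my ($users, $id, $plain) = @_;
    # Only plain userIDs pass, so "|" or a newline can never reach the log.
    return unless defined $id && $id =~ /\A[A-Za-z0-9_]{1,32}\z/;
    my $stored = $users->{$id} or return;
    # crypt() reuses the scheme and salt embedded in the stored hash.
    my $try = crypt($plain // '', $stored);
    return $id if defined $try && $try eq $stored;
    return;
}

# Constructed sample: one user, password file held in memory.
my $file = 'alice ' . hash_password('correct horse 42') . "\n";
open my $fh, '<', \$file or die "open: $!";
my $users = load_users($fh);
close $fh;

for my $try (['alice', 'correct horse 42'], ['alice', 'guess'], ["eve|x\n", 'a']) {
    my $userID = check_passwd($users, @$try);
    print defined $userID ? "accepted, log field: $userID|\n" : "rejected\n";
}
```

In wwwboard.pl the value returned by check_passwd is what would be appended with `$tolog .= "$userID|";`, and the password file belongs outside the web-served directory so it cannot be downloaded.
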
On 6 6 , 11 11 , Bob Walton <see.@rochester.rr.com> wrote:
> nightc @gmail.com wrote:
> ...
> > I hold an old version of discussion board written in Perl.
> > Recently, a guy from China violently spams my discussion board to
> > cause it even malfunctioned.
> > My intention is to add two columns, "username" and "password". When
> > Visitor post a message, the perl script verify the combination first.
> > Only the one with the right combination can successfully post it. And I
> > intend to get every friends of mine different set of combination.
> One place to start is:
> perldoc -f crypt
> which will provide the capability to store encrypted passwords so that
> if your system is compromised to the point where someone gets the
> password file, they still won't be able to determine the passwords of
> your users. You would start by defining a password for your friends and
> storing the crypt'ed version of it in a file. Then let your friends
> know the password, and arrange the software so they have to change the
> password the first time through. You should arrange a couple of simple
> checks so your friends can't use easily-cracked passwords like '' or 'a'
> or 'abcde', etc -- if their passwords are easily cracked, you are no
> better off than you were before.
> Depending upon your software, you may need to lock access to the
> password file so multiple instances of your program can't access it
> simultaneously, at least not when one or more instances need to write to
> it. See:
> perldoc -q lock
> Regarding the type of file to use: If you have only a few users, you
> can probably get away with a plain text file of a form such as:
> userID encodedpassword
> If you have lots of users, you should consider a DBM-type file tied to a
> Perl hash. See:
> perldoc DB_File
> (you might need to download the DB_File module first).
> Note that userID and password administration can be a chore -- users
> will forget their userID's and/or passwords, etc.
> Question: Is your discussion board web-based, or something else?
Yes, it's a web-based discussion board. It is an old WWWboard Board, written by a guy Matt from Matt's Script website long time ago. It's so simple that I even have to add up a few advanced function myself (of course, with a lot of help). The main structure is the main page of board, a wwwboard.pl to process the posting, a message directory to store posted messages, that's all. I know it's too easy for spammers but I just love the easiness of it.

After check out what you said, I currently host my website in a commercial hosting company. I seem to have such write to all that you suggest. I'll contact my hosting to see if they can do it for me. Thanks a lot. (Frankly, before you tell me this, I didn't think about the file security.)

By the way, can you tell me how to write the Verifying Process of my usernames and passwords? He is again spamming now. Gosh, I hate this kind of spammer!!!
> > I roughly know that the process could be first define a password file:
> > $passwd_file = "path/to/my_password_file";
> > Then get the variable,
> > &check_passwd;
> > Then define the variable. but I just don't know how to make it happen.
> > Can anybody PLEASE help me so that I can stop this guy from paralyzing
> > my discussion board. T_T
> > By the way, there is a short script in my Perl file to keep track of
> > every article:
> > $tolog = "Post $num|";
> > $tolog .= "$ENV{'REMOTE_ADDR'}|"; ### IP
> > $tolog .= "$date";
> > $tolog .= "\n";
> > open(LOG,">>$testfile");
> > print LOG $tolog;
> > close(LOG);
> > After I put on the password verifying process, how to also record the
> > "username" information of every article?
> Looks to me like a simple addition of:
> $tolog .= "$userID|";
> at an appropriate place should do it, assuming variable $userID hold the
> user's userID.
> --
> Bob Walton
> Email: http://bwalton.com/cgi-bin/emailbob.pl
> Depending upon your software, you may need to lock access to the
> password file so multiple instances of your program can't access it
> simultaneously, at least not when one or more instances need to write to
> it. See:
> perldoc -q lock
By the way, I'll decide the password for everybody (which is about 40 of them). They just have to use the password I choose. There is no written job for visitors. So, do I still need to do this? Thanks. (I know these questions could look stupid..........)
nightc @gmail.com wrote:
> Yes, it's a web-based discussion board. It is an old WWWboard Board,
> written by a guy Matt from Matt's Script website long time ago.

Do yourself a huge favor and replace it with an updated version found here.
http://nms-cgi.sourceforge.net/scripts.shtml
I've got this problem of mine taken care of. (Which, of course, created another new problem. I've opened a new thread to ask for help... T_T) Thanks everybody for helping.
nightc @gmail.com wrote:
>> Depending upon your software, you may need to lock access to the
>> password file so multiple instances of your program can't access it
>> simultaneously, at least not when one or more instances need to write to
>> it. See:
>> perldoc -q lock
> By the way, I'll decide the password for everybody (which is about 40
> of them). They just have to use the password I choose. There is no
> written job for visitors. so, do I still need to do this? thanks.
> (I know these questions could look stupid..........)
To the best of my knowledge, if you are only reading a file, there is no need to lock access to it from CGI scripts.

--
Bob Walton
Email: http://bwalton.com/cgi-bin/emailbob.pl