CGI::Application::Plugin::LinkIntegrity should be available soon on a
CPAN mirror near you:
http://search.cpan.org/dist/CGI-Application-Plugin-LinkIntegrity-0.02/
Thank you to the cgiapp list for all your help answering my questions
about QUERY_STRINGs and whatnot.
Thanks especially to Richard Dice. This module is based on a feature
from CAF that he wrote.
CAP::LinkIntegrity is a plugin that makes it easy to create
tamper-resistant URLs in your application.
Basically, it adds a crytpographic checksum to each link you generate:
my $link = $self->make_link("/account.cgi?rm=balance&acct_id=73");
print $link; # /account.cgi?rm=balance&acct_id=73&_checksum=1d7c4b82d075785de04fa6b98b572691
If the user attempts to change part of the URL (e.g. a query string
parameter, or the PATH_INFO), then the checksum will not match. The run
mode will be changed to link_tampered, and the invalid_checksum
hook will be called.
You can define the 'link_tampered' run mode yourself, or you can use
the default 'link_tampered' run mode built into
'CGI::Application::Plugin::LinkIntegrity'.
You can disable link checking during development by passing a flag at
configuration time.
You can choose the module you want to use to generate the checksum (e.g.
Digest::MD5 or Digest::SHA1), or you can create your own subroutine to
do the work.
Michael
---
Michael Graham <suppressed>
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.