Vol. 3. No. 1 — November 1997
Alternate HTML & CGI with Some Security Provisions
© Thomas N. Robb, 1997
Kyoto Sangyo University
This contains the sample HTML and sample CGI for a more secure version of the submission page. With this version, all classes using the page would have to know the same password (up to 10 letters). Changing the password involves modifying the CGI code itself, which isn’t very convienient and isn’t perfectly secure since anyone with an account in the school might have ‘read permission’ for the CGI programs. While this CGI is not resistant to dedicated hackers within the school it should provide reasonably good protection against most simple pranks.
<HTML> <BODY> <FORM METHOD=POST action="http://www.kyoto-su.ac.jp/cgi-bin/paperalt.cgi"> <table border=0 <tr> <td><b>What is your instructor's name? --></b></td> <td> <select name="tchremail"> <option value="trobb@cc.kyoto-su.ac.jp"> Press mouse here! <option value="ishii@cc.kyoto-su.ac.jp"> Thomas Robb <option value="robb-m@cc.kyoto-su.ac.jp"> Takeo Ishii </select></td> </tr> <tr> <td>Enter your password here--></td> <td><input type=text name="psword" size=10</td>> </tr> <tr> <td>Your name:</td> <td>Your E-mail address</td> </tr> <tr> <td><input type=text name="studname" size=30></td> <td><input type=text name="studemail" size=30></td> </tr> </table><p> <FONT SIZE=+1>Type or paste in your text below.</FONT><BR> <TEXTAREA NAME="message" WRAP=HARD ROWS=5 COLS=60> </TEXTAREA> <INPUT TYPE = "submit" VALUE = "Submit your message"> <INPUT TYPE = "reset" VALUE = "Erase"></CENTER> </FORM> </BODY> </HTML>
In order to make this work, you need to enter ‘robbtest’ as the password. Try something else, or leave it blank to see the ‘Sorry!’ message