CGI::Application::Plugin::LinkIntegrity can make tamper-resisistent links in CGI::Application.
SYNOPSIS
In your application:
use base 'CGI::Application';
use CGI::Application::Plugin::LinkIntegrity;
sub setup {
my $self = shift;
$self- >link_integrity_config(
secret = > 'some secret string known only to you and me',
);
}
sub account_info {
my $self = shift;
my $account_id = get_user_account_id();
my $template = $self- >load_tmpl('account.html');
$template- >param(
'balance' = > $self- >link("/account.cgi?rm=balance&acct_id=$account_id");
'transfer' = > $self- >link("/account.cgi?rm=transfer&acct_id=$account_id");
'withdrawal' = > $self- >link("/account.cgi?rm=withdrawl&acct_id=$account_id");
);
}
In your template:
< h1 >Welcome to The Faceless Banking Corp.< /h1 >
< h3 >Actions:< /h3 >
< br / >< a href="< TMPL_VAR NAME="balance" >" >Show Balance< /a >
< br / >< a href="< TMPL_VAR NAME="transfer" >" >Make a Transfer< /a >
< br / >< a href="< TMPL_VAR NAME="withdrawal" >" >Get Cash< /a >
This will send the following HTML to the browser:
< h1 >Welcome to The Faceless Banking Corp.< /h1 >
< h3 >Actions:< /h3 >
< br / >< a href="/account.cgi?rm=balance&acct_id=73&_checksum=1d7c4b82d075785de04fa6b98b572691" >Show Balance< /a >
< br / >< a href="/account.cgi?rm=transfer&acct_id=73&_checksum=d41d8cd98f00b204e9800998ecf8427e" >Make a Transfer< /a >
< br / >< a href="/account.cgi?rm=withdrawl&acct_id=73&_checksum=3c5ad17bdeef3c4281abd39c6386cfd6" >Get Cash< /a >
The URLs created are now tamper-resistent. If the user changes acct_id from 73 to 74, the _checksum will not match, and the system will treat it as an intrusion attempt.
Product's homepage
Requirements:
· Perl
Find us on Google+
