Bruce, During my lunch break I created a temporary fix. By converting the command if for until, I was able to modify the way that perl checked the username and password (I learned for the first time last night that perl always assumes a statement is true under the if statement). But, I wanted to install an additional bit of security that I discovered I could not implement. When I tried to print all of the $ENV variables I got: GATEWAY_INTERFACE = CGI/1.1 HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* HTTP_ACCEPT_CHARSET = iso-8859-1,*,utf-8 HTTP_ACCEPT_ENCODING = gzip HTTP_ACCEPT_LANGUAGE = en HTTP_CONNECTION = Keep-Alive HTTP_HOST = HTTP_PRAGMA = no-cache HTTP_USER_AGENT = Mozilla/4.6 (Macintosh; I; PPC) MACPERL = MacPerl Ä: PERL5LIB = REMOTE_ADDR = REQUEST_METHOD = GET SCRIPT_NAME = /cgi-bin/first.cgi SERVER_NAME = SERVER_PORT = 80 SERVER_PROTOCOL = HTTP/1.0 SERVER_SOFTWARE = MacHTTP/2.0 TMPDIR = USER = Admin If you look carefully, you'll notice that I missing the HTTP_REFERER variable. Why am missing this variable? Is there module that I need to be running in order to get it? Thanks, Tomer >I _always_ include in my CGIs some way to handle a web request directly >addressing the CGI. Visitors can always read your HTML source to find the >name and path of a <FORM ...> action CGI script, so I assume that someone >will do so. My scripts parse the action right at the start between how it >executes when addressed the way it's intended and how it executes otherwise. > >Finally, you could just set it up so that directly addressing the CGI is >the way you choose to have it execute normally, including the security >steps. If a visitor can't pass the security steps, then the script rejects >them and exits. I don't always like to present links directly to CGIs, but >sometimes this is the best way to work it. ==== Want to unsubscribe from this list? ==== Send mail with body "unsubscribe" to macperl-webcgi-request@macperl.org