08-01-96

Created the README.CHANGES and README.INSTALLATION files.

Replaced all usages of "here document" printing with the qq! method. Too many people were having trouble because when they transferred the files using binary mode, invisible characters would get stuck in the script and screw up the here formatting. qq! is used to change the print delimiter from double quotes (") to bang (!). We do this so that double quotes within the print string will not need to be escaped.

Added informative error messages to the open commands.

Added new authentication libraries.

Removed the line which chopped session_email because the auth libs do that now.

Created directories Data_files, Setup_files and Support_files within the Databases directory so that various security/permissions could be maintained and separated by class.

Changed the link in the final subroutine to point to db_manager.cgi instead of database_manager.cgi.

Moved as many of the GUI HTML generation routines to db_manager.html as possible so that you can keep as many of your customizations as possible when upgrades come around.

09-11-96

Fixed a typo on Line 26. I changed "$! = 1;" to "$| = 1;".

01-37-97

Restructured the logic of the script.

Broke the main routine into 11 subroutines.

Allowed for multiple deletes.

Created Log File Analysis.

Implemented group/user/admin authentication.

Added more admin variables like the time and the session info.

Broke out customizable HTML into the setup file.

04-02-98

Fixed a problem with multiple deletes so the database is not deleted after the last delete row.

Fixed a problem with authentication for del and mod in which only the last user to submit a deletion or modification could actually modify or delete.

Changed the incoming session_id routine to filter out "/" characters.

Auto delete of session files fixed.

Added -T taint checking to the header of the cgi script. For example,

    #!/usr/local/bin/perl

becomes

    #!/usr/local/bin/perl -T

Perl 4 Note: Perl 4 does not support the -T parameter. Instead, use

    #!/usr/local/bin/taintperl

Taint checking basically forces the program to validate all input that is going to have any effect on files or system calls. In addition, library calls need to be explicitly named, so ./ is prefixed in front of required libraries in the current subdirectory.

Made modifications to the main script to support taint checking. Any time a filename results from user input such as form input, that input needs to be validated before the taint-checking perl script will consider it safe. Thus, changes have been made to validate the data using techniques described in the perl documentation and in the WWW security FAQ by Lincoln Stein, located at http://www.w3.org/Security/Faq/

Note, though, that when taint mode is on, paths need to become more specific. For example, the library require statements use "./" to indicate explicitly that we are grabbing the library from the current directory and not just from the @INC include path.
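
The validation that the 04-02-98 entry describes, sketched as an added example (it is not code from the db_manager distribution): a session id arriving as form input is untainted through an allow-list regex capture before it becomes part of a file name. The directory name, the library name in the comment and the session id format are assumptions.

```perl
#!/usr/bin/perl -T
# Added example, not part of the db_manager distribution.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, libraries in the script's directory are named explicitly, e.g.
#   require "./auth-lib.pl";    # hypothetical file name

my $SESSION_DIR = './Sessions';    # hypothetical directory

# Only a regex capture clears the taint flag, so the pattern is an allow-list:
# no "/", no ".", nothing that can step outside $SESSION_DIR.
sub untaint_session_id {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_]{1,64})\z/ ? $1 : undef;
}

# Build a session file path, or return undef for unacceptable input.
sub session_path {
    my $id = untaint_session_id(shift);
    return defined $id ? "$SESSION_DIR/$id.dat" : undef;
}

# Constructed inputs. Appending an empty slice of an environment value marks
# each one tainted, the way real form input is under -T.
my $taint = substr(join('', values %ENV), 0, 0);
for my $raw ('A1b2C3d4', '../../etc/passwd', 'abc/def', '') {
    my $input = $raw . $taint;
    my $path  = session_path($input);
    printf "%-20s tainted=%d -> %s\n",
        "'$raw'", tainted($input) ? 1 : 0,
        defined $path
            ? "$path (tainted=" . (tainted($path) ? 1 : 0) . ")"
            : 'rejected';
}
```

Run it as "perl -T example.pl"; Perl refuses to start a script whose #! line carries -T if the switch is missing from the command line.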