This directory contains various utilities for mon.cgi users. moncgi-appsecret.pl ------------------- This script helps you automatically change your application secret key if you are using mon.cgi authentication (and if you aren't using authentication, why not?). Please see the script for usage guidelines. Your users' passwords can be trivially decrypted if your application secret is compromised and someone can subsequently access their cookie file. The best way to protect against this is to not allow general access to the machine that mon.cgi runs on (i.e., administrators only). Changing the application secret on a regular basis is one way to guard against attacks which could potentially rely on stealing the app secret. I would recommend changing the app secret every 1-7 days. More often than daily is probably inconvenient for your users (who will be logged out when the app secret changes). It's simple to use from cron: # Change the app secret on the mon.cgi CGI at 4am every day 0 4 * * * /usr/local/adm/bin/moncgi-appsecret.pl /home/www/mon/mon.cgi