A simple character substituion cipher is pretty easy to break. If you are going to encrypt anything at least make an effort and use Crypto::TripleDES, Crypt::Twofish or similar. Or create your own implementation of a known algorithm. But don't rely on a home-made solution for a business critical application.

Cheers,
-- moodster

Absolutely. Home-brewed solutions tend to end up like CipherTextI. In the past, I've used a fairly simple system that I described in a previous thread, Administration Ignorance. In that example, I use Crypt::RC4, though there are any number of other quality encryption modules that you could use in its place. In addition to Crypt::RC4 and the two modules mentioned by moodster, I'd also suggest Crypt::Rijndael and Crypt::Blowfish. All of these modules are easy to use and relatively fast.
___________________
Kurt

I agree with Cyphering, but we got to remember that the calling code is written in ASP.

Does ASP supports the encryptions as the same way as Perl does, to have a exact crypt->decrypt pair?

Now coming back to original case, can anyone give me an idea how one can fetch the session information of IIS from perl code(I mean .pl codes not the perlscripted ASP code)?

If yes how can I initiate IIS session object in my perl code which would reurn me session data.

Thanks