I'm planning on passing information to my script, like the user's username, password, e-mail, and various other things. However, I'd rather not be sending them using something like "index.cgi?page=1;uname=test;pword=fbdDFH34;email=email@isp.com", for example. If possible, I'd rather send the parameters to the script, but not have the users able to see them, or somehow hide them so that someone taking a look at the URL wouldn't be able to find the values easily.
| [reply] |
You can use a form and the POST method to send data outside of the URL, but the problem still remains -- once you send data to the client, the client knows it. If that's good enough, that's fine. Otherwise, if you're worried about sending secret data back and forth, don't send the secret data back to the client after the client submits it. Use some sort of persistent session store (CGI::Session, for example) and send the client a session ID you can use to retrieve the session information.
| [reply] [d/l] |
Use POST instead of GET on your form. They won't be part of the URL, although they will still be sniffable in the TCP stream, so use SSL (https) if that's also a problem.
| [reply] |
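The approach from the two replies above (POST the form, keep the values in a server-side session, send the browser only a session ID, serve it over https), as an added example that is not code from any poster in this thread. It assumes the form fields are named uname and email as in the question's URL, that the session directory shown (a made-up path) exists, and that the site is served over https.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Session;

my $cgi = CGI->new;

# Assumption: this directory exists and only the web server user can read it.
my $session = CGI::Session->new('driver:File', $cgi,
    { Directory => '/var/lib/myapp/sessions' })
    or die CGI::Session->errstr;
$session->expire('+30m');    # idle sessions are discarded after 30 minutes

# Take user details only from a POSTed form, so they never sit in the URL,
# the browser history, or a Referer header.
if (($cgi->request_method // '') eq 'POST') {
    my $uname = $cgi->param('uname');
    my $email = $cgi->param('email');
    # Verify the submitted password at this point, then discard it: it is
    # never stored in the session and never sent back to the browser.
    if (defined $uname && defined $email) {
        $session->param('uname', $uname);
        $session->param('email', $email);
    }
}

# The browser receives only the opaque session ID. Secure keeps the cookie
# off plain HTTP (assumes https); HttpOnly hides it from page scripts.
my $cookie = $cgi->cookie(
    -name     => $session->name,
    -value    => $session->id,
    -secure   => 1,
    -httponly => 1,
);
print $cgi->header(-type => 'text/html', -charset => 'utf-8', -cookie => $cookie);

# Later requests such as index.cgi?page=1 look the values up server-side.
my $name = $session->param('uname');
print defined $name
    ? '<p>Logged in as ' . CGI::escapeHTML($name) . '</p>'
    : '<p>Not logged in</p>';

$session->flush;    # write the session data to disk before the script exits
```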