You seem to be doing CGI. Don't send user name and passwords over the wire. Instead, generate a session ID, and use that as a key to retrieve session information, such as username/password, from a file or database. Then you only need to pass around the session ID. You can do this with a cookie or appended to the scripts URL (in PATHINFO). Check out Apache::Session and Apache::AuthCookie.