in reply to Secure State Maintenance

And what if the user hits back and then submits an older one? Will you be keeping the old ones in the db for a certain amount of time? Doesn't sound so secure to me.

The right way to ensure that client-side data has not been messed with is to use a message digest. This is described quite nicely in the free chapter from O'Reilly's CGI book.
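What that looks like in practice, as an added example in Perl that is not code from the original thread or from the CGI book: the server keeps a secret, appends a keyed digest (an HMAC with the core Digest::SHA module, a swapped-in choice for the plain digest the post mentions) to the state it hands out, and on the way back recomputes the digest before trusting any field. The secret value, the field names and the 15-minute lifetime are placeholders assumed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumed placeholder. In a real deployment, load a long random secret from a
# file outside the web root; anyone who learns it can mint valid tokens.
my $SECRET = 'replace-with-a-long-random-secret';

# Serialise the state (keys are assumed to be plain identifiers), stamp it with
# an expiry, and append an HMAC over the serialised bytes.
sub sign_state {
    my ($state_ref, $now) = @_;
    my %s = (%$state_ref, exp => $now + 900);   # 15-minute lifetime, assumed policy
    # Hex-encode every value so "," and "=" inside a value cannot shift a boundary.
    my $payload = join ',', map { sprintf '%s=%s', $_, unpack('H*', $s{$_}) } sort keys %s;
    my $mac = hmac_sha256_hex($payload, $SECRET);
    return "$payload;$mac";
}

# Compare two same-length strings without leaking where they differ.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length $x == length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns a hashref of the state fields, or undef if the token was altered
# or has expired. Nothing in the payload is parsed before the MAC checks out.
sub verify_state {
    my ($token, $now) = @_;
    my ($payload, $mac) = split /;/, $token, 2;
    return undef unless defined $mac;
    my $expect = hmac_sha256_hex($payload, $SECRET);
    return undef unless constant_time_eq($expect, $mac);
    my %s;
    for my $pair (split /,/, $payload) {
        my ($k, $v) = split /=/, $pair, 2;
        $s{$k} = pack('H*', $v);
    }
    return undef if !defined $s{exp} || $s{exp} < $now;
    delete $s{exp};
    return \%s;
}

# Demonstration with constructed state.
my $now   = time;
my $token = sign_state({ user => 'george', role => 'monk' }, $now);

my $ok = verify_state($token, $now);
printf "genuine token accepted: user=%s role=%s\n", @{$ok}{qw(user role)};

# A client edits the role field in the hidden form value: the MAC no longer matches.
(my $forged = $token) =~ s/role=[0-9a-f]+/'role=' . unpack('H*', 'admin')/e;
print "forged token rejected\n" unless defined verify_state($forged, $now);

# An hour later the same, untouched token is re-submitted: authentic but stale.
print "stale token rejected\n" unless defined verify_state($token, $now + 3600);
```

The digest only proves that the server produced the token, not that it is the most recent one: a user who hits the back button re-submits an older token that still verifies. That is why the example signs an expiry along with the data; if a single live state per user is required, the digest still needs to be paired with a server-side record.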

Re: Re: Secure State Maintenance
by George_Sherston (Vicar) on Feb 28, 2002 at 17:55 UTC
    Good point. I had intended to delete each one as I create a new one. But then if somebody hits the back button... he gets treated as logged out. So it IS secure... in much the same way as locking the doors of your shop stops people stealing from it. Huh. Glad I asked. Thx

    § George Sherston