in reply to web cgi forms data security...

To save you a lot of hassle, see if SSL is an option for you (most http daemons can handle it). This way, everything between the user and your server is encrypted, without you doing anything different :)

--
b10m

Re: Re: web cgi forms data security...
by hardburn (Abbot) on Dec 30, 2003 at 22:01 UTC

    SSL won't save you here. The user can still modify the parameters being passed on their end. With encrypted params, there's no way the user can know what changes they are making.

    Though it's probably better to do proper session management instead.

    ----
    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    : () { :|:& };:

    Note: All code is untested, unless otherwise stated

      noname00 "i just want the data given to be as secure as possible and to be encrypted when "traveling" around the site :)"
      b10m "see if SSL is an option for you"
      hardburn "SSL won't save you here. The user can still modify the parameters being passed on their end."

      Sorry, but I didn't get the part where the user shouldn't be allowed to change parameters. I figured the OP wanted a way to make sure the sensitive data couldn't be snooped by others. Using SSL seems valid in this case, if you ask me. But please explain.

      And yes ... I should have suggested using the post method over the get method too.

      --
      b10m
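
The session-management approach hardburn mentions, as an added example that is not code from the thread or its participants: sensitive values stay on the server and the browser only ever holds an opaque session id, so editing form parameters cannot change them, with or without SSL. The function names, the `sid`/`account`/`role`/`comment` fields, the in-memory store and the use of `/dev/urandom` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Server-side session store. A real CGI would persist this (file, DB);
# an in-memory hash keeps the example self-contained (assumption).
my %SESSIONS;

# 128 bits from the kernel CSPRNG, hex-encoded, used as the opaque session id.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Called after login: sensitive values live only on the server.
sub start_session {
    my (%data) = @_;
    my $sid = new_session_id();
    $SESSIONS{$sid} = { %data };
    return $sid;    # the only value sent to the browser (cookie or hidden field)
}

# Called on each form submit. $params is whatever the client sent.
sub handle_submit {
    my ($params) = @_;
    my $sid = $params->{sid} // '';
    return { ok => 0, error => 'bad session' }
        unless $sid =~ /\A[0-9a-f]{32}\z/ && exists $SESSIONS{$sid};
    my $s = $SESSIONS{$sid};
    # account and role come from the session, never from the request,
    # so an edited or added form field cannot change them.
    return { ok => 1, account => $s->{account}, role => $s->{role},
             comment => $params->{comment} // '' };
}

# Constructed sample requests (hypothetical field values).
my $sid      = start_session(account => 'noname00', role => 'user');
my $honest   = handle_submit({ sid => $sid, comment => 'hi' });
my $tampered = handle_submit({ sid => $sid, comment => 'hi',
                               account => 'admin', role => 'admin' });
my $forged   = handle_submit({ sid => 'f' x 32 });   # well-formed but unknown id

printf "%-9s ok=%d account=%s role=%s\n", $_->[0], $_->[1]{ok},
    $_->[1]{account} // '-', $_->[1]{role} // '-'
    for [honest => $honest], [tampered => $tampered], [forged => $forged];
```

SSL still matters for this design: it keeps the session id itself from being read in transit, which is the snooping concern b10m raises.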