in reply to Re: web cgi forms data security...
in thread web cgi forms data security...

SSL won't save you here. The user can still modify the parameters being passed on their end. With encrypted params, there's no way the user can know what changes they are making.

Though it's probably better to do proper session management instead.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

: () { :|:& };:

Note: All code is untested, unless otherwise stated
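
An added example, not part of the original post and not its author's code: one way for the server to detect parameters that were modified on the client is to attach an HMAC tag bound to the session, used here in place of the encryption the post mentions. The key, session ids and field names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed key for this example; a real key is random and never leaves the server.
my $SERVER_KEY = 'example-key-not-for-production';

# Canonical form: session id, then sorted name/value pairs, each length-prefixed
# so that moving bytes between fields cannot produce the same string.
sub canonical {
    my ($session_id, $fields) = @_;
    my @parts = ($session_id);
    push @parts, $_, $fields->{$_} for sort keys %$fields;
    return join '', map { length($_) . ':' . $_ } @parts;
}

# Tag the server emits alongside the hidden fields.
sub sign_fields {
    my ($session_id, $fields) = @_;
    return hmac_sha256_hex(canonical($session_id, $fields), $SERVER_KEY);
}

# Comparison that does not stop at the first differing character.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Check run on every submission before the values are trusted.
sub verify_fields {
    my ($session_id, $fields, $tag) = @_;
    return 0 unless defined $tag;
    return secure_eq(sign_fields($session_id, $fields), $tag);
}

# Constructed sample: values the server placed in hidden form fields.
my %issued = (item_id => '1042', price => '19.99');
my $tag    = sign_fields('sess-abc123', \%issued);
my %edited = (%issued, price => '0.01');   # value changed on the client

printf "%-22s %s\n", 'unchanged fields:', verify_fields('sess-abc123', \%issued, $tag) ? 'accepted' : 'rejected';
printf "%-22s %s\n", 'edited price:',     verify_fields('sess-abc123', \%edited, $tag) ? 'accepted' : 'rejected';
printf "%-22s %s\n", 'tag reused elsewhere:', verify_fields('sess-zzz999', \%issued, $tag) ? 'accepted' : 'rejected';
```

The tag only detects modification; the values remain readable to the user, and keeping them in server-side session state removes the need to send them at all.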

Re: web cgi forms data security...
by b10m (Vicar) on Dec 30, 2003 at 22:41 UTC
    noname00 "i just want the data given to be as secure as possible and to be encrypted when "traveling" around the site :)"
    b10m "see if SSL is an option for you"
    hardburn "SSL won't save you here. The user can still modify the parameters being passed on their end."

    Sorry, but I didn't get the part where the user shouldn't be allowed to change parameters. I figured the OP wanted a way to make sure the sensitive data couldn't be snooped by others. Using SSL seems valid in this case, if you ask me. But please explain.

    And yes ... I should have suggested using the post method over the get method too.

    --
    b10m