Suggestions that may or may not be applicable to your situation:

  1. Don't pass around data that you don't want users or baddies to see/access, or do it as little as possible. Not passing data is even more secure than 128-bit encryption.
  2. Sessions can be a nice place to park sensitive data. If you're unfamiliar with sessions, they're kind of like a hash that resides on the server(s) for a specific user. Several CPAN modules exist for managing sessions, or try a home-grown db-based one.
  3. POSTing your forms (instead of GETting them) will put nothing into the highly-visible querystrings.
  4. As b10m said, SSL is a very good way of foiling packet-sniffers, but it doesn't do squat if your problem is that you don't want users/baddies seeing indexes/keys in the querystrings in your source code. If this is the issue then you must resort to one of the encryption modules or some sort of lookup tables on the server. Even this can be less than foolproof, though. Imagine that I access the following (spuriously encrypted) url - "www.expensivepics.com/picserver.cgi?3RJHT=H5RTJ98" - and the next day I just paste the same url into my browser even though it's no longer supposed to be an option for me? It's 'So much for encryption' unless you've taken other measures.

Update: Dang! iburrell said almost the same thing that I did mere minutes (twenty, but I'm a slow typer) before I finished with my comment. Sorry for the redundancy, all.

Hanlon's Razor - "Never attribute to malice that which can be adequately explained by stupidity"

In reply to Re: web cgi forms data security... by Art_XIV
in thread web cgi forms data security... by noname00
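
Added example, not part of Art_XIV's post: one possible "other measure" against the pasted-URL replay described in point 4 is to make the querystring value an HMAC-signed token that expires and is bound to the user held in the server-side session. The key, user names, picture id, clock values and the helper names `make_token`, `check_token` and `constant_time_eq` are all constructed for illustration, and the fields are assumed to contain no dots.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed key: a real one lives in server-side config, never in the page.
my $SECRET = 'constructed-demo-key';

# Issue "pic_id.user.expiry.mac"; the MAC covers all three fields.
sub make_token {
    my ($pic_id, $user, $ttl, $now) = @_;
    my $payload = join '.', $pic_id, $user, $now + $ttl;
    return $payload . '.' . hmac_sha256_hex($payload, $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the picture id only if the token is authentic, unexpired and was
# issued to the user recorded in the server-side session; otherwise undef.
sub check_token {
    my ($token, $session_user, $now) = @_;
    my ($pic_id, $user, $expires, $mac) = split /\./, $token // '', 4;
    return unless defined $mac && $expires =~ /\A\d+\z/;
    my $expected = hmac_sha256_hex(join('.', $pic_id, $user, $expires), $SECRET);
    return unless constant_time_eq($mac, $expected);   # tampered or forged
    return if $now > $expires;                         # the "next day" replay
    return unless $user eq $session_user;              # URL handed to someone else
    return $pic_id;
}

# Constructed demo: a one-hour token checked under four conditions.
my $t0  = 1_700_000_000;
my $tok = make_token('pic42', 'alice', 3600, $t0);
(my $forged = $tok) =~ s/\Apic42/pic99/;

printf "%-20s %s\n", 'in time, same user:', check_token($tok, 'alice', $t0 + 60) // 'rejected';
printf "%-20s %s\n", 'next day:',           check_token($tok, 'alice', $t0 + 86_400) // 'rejected';
printf "%-20s %s\n", 'different user:',     check_token($tok, 'bob', $t0 + 60) // 'rejected';
printf "%-20s %s\n", 'edited picture id:',  check_token($forged, 'alice', $t0 + 60) // 'rejected';
```

The token stops reuse after expiry and by other users, but it does not replace the server-side check that the session's user is still entitled to the picture.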
