I use routines similar to what you're doing, though I tend to explicitly write out the hidden fields, since our company doesn't use templates (sigh). One common problem with hidden data is that those hidden values can easily be tampered with. If that's not important to you, it's not a big deal. However, you could have problems if you rely on something like the following:
<input type=hidden name="price" value="42.95">
Then, it can be a trivial matter for someone to adjust the price value. Needless to say, if you have other data in those fields that you cannot afford to have altered, this can be a big problem. Try using Digest::MD5 or Digest::SHA1 (SHA1 takes longer, but it's more secure). Here's some sample code:
#!/usr/bin/perl -w
use strict;
use Digest::MD5 qw ( md5_base64 );
my $rand = 'yed*73=1/+#@%d';   # server-side secret; never sent to the browser
my $price = '40.95';           # the hidden value we want to protect
my @data = ($rand, $price);    # md5_base64 concatenates its arguments before hashing
my $base64_digest = md5_base64( @data );
print $base64_digest;
That should print something like "BS1+1ySMDuN+fqp7hnMRYw".
Take the digest value and embed that in the form. When the values are returned, recompute the digest with the same $rand. If the values don't match, your hidden values have been tampered with. Needless to say, you want $rand to be as secure as possible!
Cheers,
Ovid
Join the Perlmonks Setiathome Group or just go to the link and check out our stats.
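The pattern above, signing the hidden fields with a server-side secret and recomputing on submission, carried through as a complete sign-and-verify example. This is added code, not Ovid's; it uses the core Digest::SHA module's hmac_sha256_base64 (an HMAC rather than a plain hash over secret plus data), signs every protected field in a fixed order, and compares digests in constant time. The secret, field names and values are constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_base64);

# Server-side secret: load it from configuration in real code, never from the form.
# (Constructed value for this example.)
my $secret = 'yed*73=1/+#@%d';

# Signature over every hidden field we care about, in a fixed order, with a
# separator so that ("4", "2.95") and ("42", ".95") cannot produce the same input.
sub sign_fields {
    my ($key, $fields) = @_;
    my $canonical = join "\x1F", map { "$_=$fields->{$_}" } sort keys %$fields;
    return hmac_sha256_base64($canonical, $key);
}

# Constant-time comparison so response timing does not reveal how many leading
# characters of a guessed signature were correct.
sub digests_equal {
    my ($x, $y) = @_;
    return 0 unless length $x == length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Recompute the signature from the submitted values and compare with the one
# that came back in the form; only trust the values if they match.
sub verify_fields {
    my ($key, $fields, $sig) = @_;
    return digests_equal(sign_fields($key, $fields), $sig);
}

# Rendering the form: emit the hidden fields plus their signature.
# (Values here are constructed; real values must also be HTML-escaped.)
my %hidden = (item => 'SKU-1234', price => '42.95');
my $sig = sign_fields($secret, \%hidden);
printf qq{<input type="hidden" name="%s" value="%s">\n}, $_, $hidden{$_} for sort keys %hidden;
printf qq{<input type="hidden" name="sig" value="%s">\n}, $sig;

# Handling the submission: an untouched form verifies, a tampered price does not.
my %submitted = (%hidden, price => '0.01');   # constructed: price edited client-side
print verify_fields($secret, \%hidden,    $sig) ? "untouched form verifies\n" : "BUG: valid form rejected\n";
print verify_fields($secret, \%submitted, $sig) ? "BUG: tampered form accepted\n" : "tampered price rejected\n";
```

Because the signature covers all protected fields together, removing or reordering a field changes the canonical string and fails verification too, so the server never has to guess which individual field was edited.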