I would suggest using cookies. It would be easy to change the existing scripts to do this. The level of security would then depend on what is stored in the cookie. Typically, when I do this, I authenticate the user, and then create a random session variable in a database. The cookie will then only have the username and session variable - no password. Then on each call, I check that the session variable passed by the cookie is valid and that it is for the correct user.

See merlyn's node: Adding "state" to HTTP for other methods, then if you're still interested see the Web Techniques columns...

Afterthought: The other responses to this question deal more with encrypting the data. My method (I believe) is secure so long as you use SSL for the original authentication. It seems to me that your problem is not so much about "sniffing" but more that if someone leaves their PC while logged in, someone could come along, "view source" and see the password. Even if you encrypt the password using client-side script or MD5, then people can still impersonate other users because your script relies on the encrypted data being posted, which doesn't change between logins. If you have a database of valid session IDs, then they are no longer valid once someone has logged off - i.e. next time they log in, they will have a different session ID.

$code or die
Using perl at
The Spiders Web

In reply to Re: Ecryption? by $code or die
in thread Ecryption? by Punto
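
The session scheme described in the post above, sketched as an added example (not the poster's code). The in-memory `%sessions` hash stands in for the database table, the sub names are hypothetical, and usernames are assumed not to contain a colon.

```perl
use strict;
use warnings;

# Stand-in for the sessions table (assumption: a real script would use DBI).
my %sessions;    # session id => username

# 128 bits from the kernel CSPRNG, hex-encoded. rand() is not suitable here.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $n = read $fh, my $buf, 16;
    die "short read from urandom" unless defined $n && $n == 16;
    return unpack 'H*', $buf;
}

# Call only after the password has been verified (over SSL, per the post).
# Returns the cookie value: username and session id, never the password.
sub login {
    my ($user) = @_;
    my $sid = new_session_id();
    $sessions{$sid} = $user;
    return "$user:$sid";
}

# Run on every request: the id must exist and belong to the claimed user.
sub check_cookie {
    my ($cookie) = @_;
    my ($user, $sid) = ($cookie // '') =~ /\A([^:]+):([0-9a-f]{32})\z/
        or return;
    my $owner = $sessions{$sid};
    return unless defined $owner && $owner eq $user;
    return $user;
}

# Logoff deletes the row, so a copied cookie stops working.
sub logout {
    my ($cookie) = @_;
    my (undef, $sid) = split /:/, $cookie // '', 2;
    delete $sessions{$sid} if defined $sid;
}

# Constructed walk-through.
my $cookie = login('alice');
print "valid after login:     ", (check_cookie($cookie) ? 'yes' : 'no'), "\n";
(my $forged = $cookie) =~ s/\Aalice/bob/;
print "same id, other user:   ", (check_cookie($forged) ? 'yes' : 'no'), "\n";
logout($cookie);
print "replayed after logoff: ", (check_cookie($cookie) ? 'yes' : 'no'), "\n";
my $cookie2 = login('alice');
print "new login, new id:     ", ($cookie2 ne $cookie ? 'yes' : 'no'), "\n";
```

The walk-through prints yes, no, no, yes: the cookie is accepted only while its id is in the table and only for the user it was issued to.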
