Re: ENV INFORMATION

Or you could store them in a database table, or pass them as hidden form fields.

EDIT: Given that the Perl-specific ENV variables worth persisting are not usually settable from your Perl script, I assumed that the original poster was asking about persisting CGI ENV variables from Perl. If this was not the case, you can disregard my post.

Also note that any ENV variables you don't want the viewer to have access to should not be stored as hidden form fields.

Comment on Re: ENV INFORMATION

Replies are listed 'Best First'.
Re^2: ENV INFORMATION by tilly (Archbishop) on May 22, 2005 at 23:33 UTC
I am still puzzled at how a question that is so obviously about shell scripting could be mistaken for a CGI question. When people start talking about passing information around in %ENV, they're obviously talking about shell scripting. About the security note, the issue with hidden form fields is not that users can read them, it is that users can set them. For instance take the common flub of putting prices in hidden form fields. Someone can save your page, edit the prices, and strike a special deal. Obviously you want the viewer to see what your prices are. But you don't want your viewer to set them, so you shouldn't use hidden form fields for that.	[reply]

Replies are listed 'Best First'.

Re^2: ENV INFORMATION
by tilly (Archbishop) on May 22, 2005 at 23:33 UTC

When people start talking about passing information around in %ENV, they're obviously talking about shell scripting.

About the security note, the issue with hidden form fields is not that users can read them, it is that users can set them. For instance take the common flub of putting prices in hidden form fields. Someone can save your page, edit the prices, and strike a special deal. Obviously you want the viewer to see what your prices are. But you don't want your viewer to set them, so you shouldn't use hidden form fields for that.

[reply]