Re: Secure way of passing variables between forms

The most secure way of protecting data is to not transfer it at all. Is there a way you can avoid passing the password, at least? If it were me, I'd encrypt the username then pass only that data instead of the user/pass combo.

As far as encryption goes, it's scaleable depeding on how secure you want to make it. If you just want a light encryption that's very easy, but not incredibly secure, you should explore MIME::Base64. Technically, it's an encoding and not a true encryption, but I think it's good enough to keep the most unsophisticated snoopers (aka average web users) at bay. At the very least, they can't just type in random plain-text usernames to see if they get lucky.

If you want more than this super-basic method, then you'll need to follow the links in the other replies.

Comment on Re: Secure way of passing variables between forms

Replies are listed 'Best First'.
Re^2: Secure way of passing variables between forms by Anonymous Monk on Dec 28, 2005 at 00:34 UTC
How's the encryption done? Is it through Javascript, which is done at the client end?	[reply]
Re^3: Secure way of passing variables between forms by kwaping (Priest) on Dec 28, 2005 at 00:45 UTC
That's a bit of a nebulous question, but the encryption/encoding I was thinking of is all done in Perl, before it gets to the client.	[reply]
Re^4: Secure way of passing variables between forms by Anonymous Monk on Dec 28, 2005 at 04:17 UTC
Hm...I was on the impression that it's about encrypting the data so that even if it gets intercepted while being transmitted, there's no risk of it being exploited.	[reply]