in reply to Re^3: need suggestions on Perl modules to support Encrypt Data
in thread need suggestions on Perl modules to support Encrypt Data

For the captchas: store the string and a session ID in a database, and only send the session ID to the user.

Is that necessary?? The captchas are used only once and then thrown away. :-)

You could use that scheme for the paths as well, or if you want some lightweight encryption, check out RC4. That's very easy to implement, but sadly not very secure. But secure enough to keep the occasional script kid off.

Many thanks, this is the one I need to try on my problems.. :-)

H.


Replies are listed 'Best First'.
Re^5: need suggestions on Perl modules to support Encrypt Data
by moritz (Cardinal) on Oct 29, 2007 at 08:16 UTC
    You have to store something in order to provide a secure captcha. If you don't store anything, a malicious user agent could always return the same combination of text and encrypted data, and it would always pass.

    You could limit that with timestamps, but then you force all legitimate users to respond in a timely fashion - not a good idea.

Re^5: need suggestions on Perl modules to support Encrypt Data
by saberworks (Curate) on Oct 29, 2007 at 07:00 UTC
    Is that necessary?? The captchas are used only once and then thrown away. :-)

    That's exactly what sessions are for. You don't have to use a database, though; you can use Apache::Session::File to store it on the file system. Sessions have a specific lifetime, so if that amount of time has gone by and the session hasn't been used, it will be cleaned up anyway; it's not like you're losing any processing power or storage space, even on a large site. It will also be easier to code, in my opinion.
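
Added example (not code from any post in this thread): the replay moritz describes against a captcha that stores nothing, next to a single-use server-side record with the lifetime saberworks mentions. The HMAC token format, the 600-second lifetime, the sample captcha text and all sub names are assumptions; the in-memory `%store` stands in for a database or Apache::Session::File, and `/dev/urandom` assumes a Unix-like host.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET = 'constructed-demo-key';   # constructed value, not a real key
my $TTL    = 600;                      # assumed session lifetime in seconds
my %store;                             # stand-in for the database / session files

# Stateless scheme: the form carries a MAC of the answer; the server keeps nothing.
sub stateless_issue { my ($answer) = @_; return hmac_sha256_hex(lc($answer), $SECRET) }
sub stateless_check {
    my ($token, $typed) = @_;
    return hmac_sha256_hex(lc($typed), $SECRET) eq $token ? 1 : 0;
}

# Stored scheme: the answer stays on the server, only a random ID goes out.
sub stored_issue {
    my ($answer, $now) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    my $sid = unpack 'H*', $bytes;
    $store{$sid} = { answer => lc($answer), expires => $now + $TTL };
    return $sid;
}

sub stored_check {
    my ($sid, $typed, $now) = @_;
    # delete first: every ID gets exactly one attempt, right or wrong
    my $rec = delete $store{ $sid // '' } or return 0;
    return 0 if $now > $rec->{expires};
    return lc($typed // '') eq $rec->{answer} ? 1 : 0;
}

my $now = time;

# One solved captcha, submitted three times (constructed captcha text).
my $token  = stateless_issue('k7Qm2');
my @replay = map { stateless_check($token, 'k7Qm2') } 1 .. 3;
print "stateless, same pair sent 3 times: @replay\n";

my $sid    = stored_issue('k7Qm2', $now);
my @single = map { stored_check($sid, 'k7Qm2', $now) } 1 .. 3;
print "stored, same pair sent 3 times:    @single\n";

# A correct answer that arrives after the session lifetime has passed.
my $late = stored_issue('k7Qm2', $now);
print "stored, answered after expiry:     ", stored_check($late, 'k7Qm2', $now + $TTL + 1), "\n";
```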