in reply to Re: Encrypt web form values
in thread Encrypt web form values

Thanks, you got me thinking.

I need to encrypt certain values so that they can't be modified by the recipient of the web-page (such as downloading the page and modifying the hidden values). These values will be used when the page is submitted for server-side processing.

Should I be looking at CGI::Session to store the data? Can the recipient of a web-page manipulate these data for unintended purposes? In other words, can web-form values stored using CGI::Session be reliably used?

Re^3: Encrypt web form values
by fmerges (Chaplain) on Dec 06, 2008 at 06:56 UTC

    Hi,

    Yes, you should definitely look into CGI::Session. No, the user cannot modify it, if you're not allowing it from the server side code. You can store almost whatever you want, and yes, it can be reliably used. For storage you also have several options: file, db, cache, etc.

    Regards,

    fmerges at irc.freenode.net

      Thanks, fmerges.

      So the recipient of the web page has no way of tampering with the session data, am I right? Could you clarify "if you're not allowing it from the server side code."? What does that mean?

        Hi,

        No, the client cannot directly tamper.

        Check out the tutorial, CGI::Session::Tutorial; it explains all the details.

        BTW, also take a look at the module Data::FormValidator and at taint mode.

        Regards,

        fmerges at irc.freenode.net
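
The approach discussed in this thread, as an added example that is not from any of the posters: the protected value is kept in CGI::Session storage and only the session ID cookie reaches the browser, so editing a saved copy of the page cannot change it. The names `unit_price` and `quantity`, the `/tmp` session directory and the 15-minute expiry are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Session;

# Assumed for this example: file-backed sessions under /tmp, a protected
# value "unit_price", and one user-editable field "quantity".
my $q    = CGI->new;
my %opts = (Directory => '/tmp');

sub reject {
    my ($msg) = @_;
    print $q->header(-status => '400 Bad Request', -type => 'text/plain'), "$msg\n";
    exit;
}

if (($q->request_method // '') eq 'POST') {
    # load() never creates a session: an unknown or forged ID comes back empty.
    my $session = CGI::Session->load('driver:file', $q, \%opts)
        or die CGI::Session->errstr;
    reject('No valid session; reload the form.')
        if $session->is_expired or $session->is_empty;

    # The protected value is read from server-side storage only. A
    # "unit_price" parameter added to the POST body has no effect,
    # because no code copies request parameters into the session.
    my $price = $session->param('unit_price');

    # What the client does send is still untrusted: accept 1..99 only.
    my ($qty) = ($q->param('quantity') // '') =~ /\A([1-9][0-9]?)\z/
        or reject('Bad quantity');

    print $q->header(-type => 'text/plain'), sprintf("Total: %.2f\n", $price * $qty);
    $session->delete;    # one-shot form: drop the stored state
    $session->flush;
    exit;
}

# GET: start a fresh session and store the value on the server.
my $session = CGI::Session->new('driver:file', undef, \%opts)
    or die CGI::Session->errstr;
$session->expire('+15m');
$session->param('unit_price', 19.99);
$session->flush;

# header() sets the session cookie; the page has no hidden price field.
print $session->header;
print qq{<form method="post">Quantity: <input name="quantity" value="1">},
      qq{ <input type="submit"></form>\n};
```

The session is only as trustworthy as the server code around it: a handler that writes `$q->param(...)` values into the session under a protected key reopens the same hole that hidden fields had.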