DreamT has asked for the wisdom of the Perl Monks concerning the following question:

Hi again, I'm working on a simple "ajax framework", and i'd like to encrypt the parameters so that the Ajax call only has one parameter (data=<encrypted string>), instead of the standard 'a=123&b=12345'.
When the script receives the call, it should of course decrypt it.

It doesn't have to be "ultra-safe" (i.e. no "dangerous parameters" are sent), I just want it to look good;-)

How to do it?

Replies are listed 'Best First'.
Re: encrypt / decrypt?
by Corion (Patriarch) on Jun 17, 2009 at 12:32 UTC

    Use CGI::Session. This has the advantage that you don't even need JavaScript.

[reply]
      Ok, if I understand it right, this module makes it possible to store data "persistent"?
[reply]

        The "one line description" of CGI::Session says:

        CGI::Session - persistent session data in CGI applications

        That sounds similar to what you described.

[reply]
Re: encrypt / decrypt?
by dorward (Curate) on Jun 17, 2009 at 13:21 UTC
    Please don't. URIs don't need to look pretty, and adding layers of obfuscation makes development, bug fixing and maintenance harder.
[reply]
Re: encrypt / decrypt?
by tmaly (Monk) on Jun 17, 2009 at 14:28 UTC

    If you wanted to do the encryption on the client side, you could use dojo http://www.dojotoolkit.org/book/dojo-book-0-9/part-5-dojox/dojox-cryptography

    And then on the server side use a perl module of the same flavor cypher

[reply]
Re: encrypt / decrypt?
by citromatik (Curate) on Jun 17, 2009 at 12:35 UTC
[reply]
Re: encrypt / decrypt?
by jettero (Monsignor) on Jun 17, 2009 at 18:27 UTC
    I think corion is right about using CGI::Session... but if you don't want to do that, and you insist on obfuscating the URI, you might consider treating the data as a path and using $cgi->path_info to extract the path past your CGI. (This only works in webservers that support it.)

    -Paul

[reply]

Back to Seekers of Perl Wisdom