Secure?? Have you guys been paying attention to the
Matt's Script Archive discussion? You can pass along
parameters between pages either in the URL or as
hidden fields, but NEITHER IS REALLY SECURE!! The
hidden fields only stymie the newbies. :-) Anyone
could just save the form to their hard drive, modify
the hidden field values there, and submit that
version. If the server script thinks it need only
check the referer variable to get around this, the
hacker can submit their modified page with their own
client, setting the referer field to whatever they
want.

True, it's nicer not seeing them in the URL, but it's
not that much more secure. I recommend Chapter 8 of
O'Reilly's "CGI Programming with Perl" for a thorough
discussion of CGI security issues.

- John

--- David vd Geer Inhuur tbv IPlib
<[EMAIL PROTECTED]> wrote:
> 
> Hi Sven,
> 
> Sorry, I thought you knew that one.
> 
> But how to proceed if you don't want those
> ugly/insecure params in your location bar ?
>
>  ... snip ...
> 
> > > <input type=hidden name=hide1 value="secure">
> > > <input type=hidden name=hide2 value="very secure">
>
> ... snip ...


=====
"When you're following an angel, does it mean you have to throw your body off a 
building?" - They Might Be Giants, http://www.tmbg.com
----
Word of the week: Serendipity, see http://www.bartleby.com/61/93/S0279300.html
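
An added example, not part of the original message or of the book it cites: the saved-and-edited form described above passes a Referer check, but is rejected when the server recomputes an HMAC over the hidden values it receives. The secret, the `mac` field name, the example.com URL and both request hashes are assumptions constructed for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side secret that never appears in any page sent out.
my $SECRET = 'constructed-demo-key';

# Canonical string over the protected fields: sorted names, length-prefixed
# names and values, so field boundaries cannot be shifted.
sub canon {
    my ($f) = @_;
    return join '', map {
        sprintf('%d:%s=%d:%s;', length($_), $_, length($f->{$_}), $f->{$_})
    } sort keys %$f;
}

# Tag sent in one extra hidden field (hypothetical name "mac").
sub sign_fields { return hmac_sha256_hex(canon($_[0]), $SECRET) }

# Compare two tags without stopping at the first differing character.
sub same_tag {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Weak check from the thread: the Referer header is chosen by the client.
sub accept_by_referer {
    my ($req) = @_;
    return ($req->{referer} // '') eq 'http://www.example.com/form.html';
}

# Stronger check: recompute the tag over the values that actually arrived.
sub accept_by_mac {
    my ($req) = @_;
    my %f   = %{ $req->{fields} };
    my $mac = delete $f{mac};
    return same_tag($mac, sign_fields(\%f));
}

# Constructed requests: the form as served, and a saved-and-edited copy.
my %served = (hide1 => 'secure', hide2 => 'very secure');
my $honest = { referer => 'http://www.example.com/form.html',
               fields  => { %served, mac => sign_fields(\%served) } };
my $edited = { referer => $honest->{referer},
               fields  => { %{ $honest->{fields} }, hide2 => 'edited by client' } };

for my $r (['honest', $honest], ['edited', $edited]) {
    printf "%-7s referer:%s mac:%s\n", $r->[0],
        accept_by_referer($r->[1]) ? 'accept' : 'reject',
        accept_by_mac($r->[1])     ? 'accept' : 'reject';
}
```

The tag only detects modification: the values stay readable in the page source and a valid set can be resubmitted, so anything confidential belongs in server-side session state instead.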
