On Fri, 14 May 2004 09:25:27 +0100 David Dorward <[EMAIL PROTECTED]> wrote:
> On 14 May 2004, at 08:33, Werner wrote: > > I've got a form that makes use of the GET method to provide the cgi > > script with details. My problem is that you can see all of the > > fields being posted. i.e. > > > > /people.cgi? > > surname=TestSurname&forename=TestName&location=TestLocation&phone=T > > estP honeNumber&search=+Search+ > > > > is there any way that I make sure these details are not seen or to > > be encrypted in some way? > > Well, you could use POST (not that that makes it impossible for the > user to see the data, it just doesn't encode it in the URL). This > would break the ability of the user to bookmark the results page (and > post is explicitly for http requests which change something on the > server) so that wouldn't be a good idea. > > You could also use client side scripting (ha ha) to run the data > through some encoding algorithm, then reverse it in the Perl. This > would break the moment someone tried to use it without client side > scripting enabled, so it also a bad idea. > > I can't think why you would want to hide this information; the user > has, presumably, typed it into a search form and thus already knows > it! > > -- > David Dorward > <http://dorward.me.uk/> > <http://blog.dorward.me.uk/> > better yet: use SSL (I mean the apache module) or any other secure data transport layer. cheers, Alex -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>