From: "Siegfried Heintze" <[EMAIL PROTECTED]>
> What is the difference (as far as security goes) between using a cookie and
> a hidden field? Are hidden fields cached if we are using SSL? I think not.

Both have the same security. A hidden field is simpler to be viewed by a user, but a cracker can see them both.

> If I use a GUID as a session ID in my database and store the GUID in a
> hidden field and the user sees the GUID in some GET parameters, is this of
> any consequence?

No, no problem, but it depends on how you define that hidden field. For example, don't use as hidden fields autoincreasing numbers but always use random strings.

> Someone recommended that I don't persist cookies. How do I not persist
> cookies?

Don't put an expiration date and they will not be persistent.

Teddy

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
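An added example, not part of the original message: it builds a session cookie with and without an expiration date and audits a `Set-Cookie` value for the two points raised in the reply (persistence, and auto-increasing versus random IDs). The cookie name `sid`, the function names and the all-digits heuristic are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie


def new_session_id() -> str:
    """128 bits from the OS CSPRNG, hex-encoded (32 characters)."""
    return secrets.token_hex(16)


def build_set_cookie(name: str, value: str, lifetime_s=None) -> str:
    """Return a Set-Cookie value; with lifetime_s=None no expiry is emitted."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    if lifetime_s is not None:
        # An expiry makes the cookie persistent: it survives a browser restart.
        jar[name]["max-age"] = lifetime_s
        jar[name]["expires"] = lifetime_s  # an int is rendered as a date that far ahead
    return jar[name].OutputString()


def audit_set_cookie(header: str) -> list:
    """Flag the two problems discussed in the thread for one Set-Cookie value."""
    first, *attrs = [part.strip() for part in header.split(";")]
    value = first.partition("=")[2]
    attr_names = {a.partition("=")[0].lower() for a in attrs}
    findings = []
    if attr_names & {"expires", "max-age"}:
        findings.append("persistent")
    if value.isdigit():  # simplified heuristic for a counter-style ID
        findings.append("predictable-id")
    return findings


# Constructed sample headers, not taken from any real application.
SAMPLES = {
    "session, random id": build_set_cookie("sid", new_session_id()),
    "persistent, random id": build_set_cookie("sid", new_session_id(), 30 * 24 * 3600),
    "session, counter id": build_set_cookie("sid", "1042"),
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(f"{label:24} {audit_set_cookie(header) or 'ok'}  <- {header}")
```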