Jason,
If you don't *have* to use CGI scripts, you can stick the "sensitive" stuff
into $r->pnotes and do an internal redirect to another PerlHandler. The
browser would never see the sensitive info (it would be passed among handlers
on the server end), so this would go a long way to protecting the sensitivity
of the info.
If you start adding stuff to the server's environment, how long will it stay
there? Will it be available until you restart the server? That could get
very messy...
darren
Jason Simms ([EMAIL PROTECTED]) wrote:
> Thanks for the advice, and this brings up another question... Honestly, if
> I were using an internal redirect, I wouldn't need to bother with these
> environment variables at all. The problem is that many times before I do
> this redirect, I also need to set a cookie. Am I correct in assuming that
> an internal redirect does NOT have the ability to set a cookie?
>
> The entire reason I have to do this is that I need to pass sensitive values
> to the CGI script from the module. I do not wish to use a simple query
> string, as the end user would then be able to intercept this. I want to
> pass values to the "child" CGI script (even though it is an entirely new
> request) without them being able to be intercepted easily. Hence, I thought
> if I could give the script access to the environment, I wouldn't need to
> pass the parameters over through the URI. Is there anohter way to do this?
>
> Jason
>
> >If you redirect, that's most likely telling the web browser to fetch
> >the new page. This makes it a totally new request.
> >
> >However, if you're using internal_redirect, then subprocess_env >should do
> >the trick, but the ENV values will be prefixed with >"REDIRECT_".
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
--
All pleasures cost at least the time they take.
