Where do you get that sensitive information from? If it is originated on your
own server then why can't CGI script get it without mod_perl? Or why can't
you do internal redirect and put that information into query string? It doesn't
go outside of your server anyway.
If it is coming from client machine then there's nothing secure about it.
Cookies are stored in flat file and anyone can see what you hiding there.
As to ENV variables. Could PassEnv directive have something to do with that?
Andrei
On Wed, Dec 08, 1999 at 03:45:50PM -0500, Jason Simms wrote:
> Thanks for the advice, and this brings up another question... Honestly, if
> I were using an internal redirect, I wouldn't need to bother with these
> environment variables at all. The problem is that many times before I do
> this redirect, I also need to set a cookie. Am I correct in assuming that
> an internal redirect does NOT have the ability to set a cookie?
>
> The entire reason I have to do this is that I need to pass sensitive values
> to the CGI script from the module. I do not wish to use a simple query
> string, as the end user would then be able to intercept this. I want to
> pass values to the "child" CGI script (even though it is an entirely new
> request) without them being able to be intercepted easily. Hence, I thought
> if I could give the script access to the environment, I wouldn't need to
> pass the parameters over through the URI. Is there anohter way to do this?
>
> Jason
>
> >If you redirect, that's most likely telling the web browser to fetch
> >the new page. This makes it a totally new request.
> >
> >However, if you're using internal_redirect, then subprocess_env >should do
> >the trick, but the ENV values will be prefixed with >"REDIRECT_".
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
--
