> Is there any way to hide the form data that the DBIx::Recordset
> PrevNextForm function generates? i just noticed that if someone does a
> "view source," the user can view your db connection, username, password,
> etc. That doesn't seem very secure even though this is a pretty cool
> subroutine to have. I'm using embed perl to handle these request so
> perhaps there might be another mechanism that works with DBIx::Recordset
> that does the same thing without having to write that kind of sensitive
> information as hidden fields? Thanks
>
Normaly there are no sensitive data in hidden fields. The hidden fields only
contain the data, you send to the page. That means when you request the page
with a link http://host/db.epl?username=foo&password=secret you will find
the username and the password in the hidden fields, but that's not the fault
of DBIx::Recordset. More exactly, DBIx::Recordset uses the values from
%fdat, so if you add your username and your password to %fdat, they will
also apear in the hidden fields. In this case either delete them from %fdat,
before you call PrevNextForm or better never put them in.
Gerald
-
Gerald Richterecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: [EMAIL PROTECTED] Voice:+49 6133 925151
WWW:http://www.ecos.de Fax: +49 6133 925152
-