Is there any way to hide the form data that the DBIx::Recordset
PrevNextForm function generates? i just noticed that if someone does a
"view source," the user can view your db connection, username, password,
etc. That doesn't seem very secure even though this is a pretty cool
subroutine to have. I'm using embed perl to handle these request so
perhaps there might be another mechanism that works with DBIx::Recordset
that does the same thing without having to write that kind of sensitive
information as hidden fields? Thanks
Normaly there are no sensitive data in hidden fields. The hidden fields only
contain the data, you send to the page. That means when you request the page
with a link http://host/db.epl?username=foopassword=secret you will find
the username and the password in the hidden fields, but that's not the fault
of DBIx::Recordset. More exactly, DBIx::Recordset uses the values from
%fdat, so if you add your username and your password to %fdat, they will
also apear in the hidden fields. In this case either delete them from %fdat,
before you call PrevNextForm or better never put them in.
Gerald
-
Gerald Richterecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: [EMAIL PROTECTED] Voice:+49 6133 925151
WWW:http://www.ecos.de Fax: +49 6133 925152
-
