Home > Archive > PERL CGI Beginners > May 2004 > Data encryption
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Werner 2004-05-22, 11:32 am |
| Hi there,
I've got a form that makes use of the GET method to provide the cgi script
with details. My problem is that you can see all of the fields being
posted. i.e.
/people.cgi?surname=TestSurname&forename=TestName&location=TestLocation&phone=TestPhoneNumber&search=+Search+
is there any way that I make sure these details are not seen or to be
encrypted in some way?
Kind Regards
Werner
| |
| David Dorward 2004-05-22, 11:32 am |
| On 14 May 2004, at 08:33, Werner wrote:
> I've got a form that makes use of the GET method to provide the cgi
> script with details. My problem is that you can see all of the fields
> being posted. i.e.
>
> /people.cgi?
> surname=TestSurname&forename=TestName&location=TestLocation&phone=TestP
> honeNumber&search=+Search+
>
> is there any way that I make sure these details are not seen or to be
> encrypted in some way?
Well, you could use POST (not that that makes it impossible for the
user to see the data, it just doesn't encode it in the URL). This would
break the ability of the user to bookmark the results page (and post is
explicitly for http requests which change something on the server) so
that wouldn't be a good idea.
You could also use client side scripting (ha ha) to run the data
through some encoding algorithm, then reverse it in the Perl. This
would break the moment someone tried to use it without client side
scripting enabled, so it also a bad idea.
I can't think why you would want to hide this information; the user
has, presumably, typed it into a search form and thus already knows it!
--
David Dorward
<http://dorward.me.uk/>
<http://blog.dorward.me.uk/>
| |
| David Dorward 2004-05-22, 11:32 am |
| On 14 May 2004, at 09:45, Alexander Bl=FCm wrote:
> On Fri, 14 May 2004 09:25:27 +0100
> David Dorward <david@dorward.me.uk> wrote:
>
[color=darkred]
> better yet:
> use SSL (I mean the apache module) or any other secure data transport
> layer.
That would be a good way to protect the information from third parties,=20=
I thought the question was about hiding it from the user.
--
David Dorward
<http://dorward.me.uk/>
<http://blog.dorward.me.uk/>=
| |
| Alexander Blüm 2004-05-22, 11:32 am |
| On Fri, 14 May 2004 09:25:27 +0100
David Dorward <david@dorward.me.uk> wrote:
> On 14 May 2004, at 08:33, Werner wrote:
>
> Well, you could use POST (not that that makes it impossible for the
> user to see the data, it just doesn't encode it in the URL). This
> would break the ability of the user to bookmark the results page (and
> post is explicitly for http requests which change something on the
> server) so that wouldn't be a good idea.
>
> You could also use client side scripting (ha ha) to run the data
> through some encoding algorithm, then reverse it in the Perl. This
> would break the moment someone tried to use it without client side
> scripting enabled, so it also a bad idea.
>
> I can't think why you would want to hide this information; the user
> has, presumably, typed it into a search form and thus already knows
> it!
>
> --
> David Dorward
> <http://dorward.me.uk/>
> <http://blog.dorward.me.uk/>
>
better yet:
use SSL (I mean the apache module) or any other secure data transport
layer.
cheers,
Alex
| |
| Alexander Blüm 2004-05-22, 11:32 am |
| On Fri, 14 May 2004 09:55:15 +0100
David Dorward <david@dorward.me.uk> wrote:
> On 14 May 2004, at 09:45, Alexander Bl=FCm wrote:
>=20
>=20
> That would be a good way to protect the information from third
> parties, I thought the question was about hiding it from the user.
>=20
> --
> David Dorward
> <http://dorward.me.uk/>
> <http://blog.dorward.me.uk/>
ok, then have embedded datablocks of encrypted values and use the
perl<-->javascript solution. it is one of many possibilities. this way
you restrict the user to use a javascript capable browser.
another way would be to use java applets. bad choice, though. ;)
if you use the js<-->perl solution, you'll have to invent a algorithm
yourself. if you're dealing with not-the-smartest users, then a rot13
might do. and you'll have to use the POST method.
for stronger encryption go here:
http://www.vidwest.com/crypt/
cheers,
Alex
|
|
|
|
|