| Jan Eden 2004-05-22, 11:32 am |
| Hi all,
I wrote a script which operates in various modes (view, edit, commit). Calling the script in edit mode and submitting the resulting html form calls the script in commit mode. Before editing, though, the user has to identify himself. The user name and password are stored in hidden html input tags.
But after committing the data to my database, I use CGI's print $q->redirect() to call the script again, this time with the user name and password as parameters visible in the browser's address bar.
How can I circumvent making the parameters visible? Is there an alternative method for redirection (in fact, it's a recursive call to the script)?
Thanks,
Jan
--
A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
| |
| Randal L. Schwartz 2004-05-22, 11:32 am |
| >>>>> "Jan" == Jan Eden <lists@janeden.org> writes:
Jan> But after committing the data to my database, I use CGI's print
Jan> $q->redirect() to call the script again, this time with the user
Jan> name and password as parameters visible in the browser's address
Jan> bar.
Jan> How can I circumvent making the parameters visible? Is there an
Jan> alternative method for redirection (in fact, it's a recursive
Jan> call to the script)?
Redirect using a session ID instead. Generate a nice unguessable
value, and then tie that with a server-side database to the actual
username.
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
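
The approach suggested in the reply above, sketched as an added example that is not part of the original thread and not code from either poster. The session directory, the `sid` cookie name, the `user` form field and the helper names `new_session` and `session_user` are assumptions, and the cookie's `-secure` flag assumes the script is served over HTTPS.

```perl
#!/usr/bin/perl
# Added example (not from the thread). Assumed names: $SESSION_DIR, the "sid"
# cookie, the "user" form field, new_session(), session_user().
use strict;
use warnings;
use CGI;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

my $SESSION_DIR = '/var/lib/myapp/sessions';   # assumption: outside the web root, mode 0700
my $TTL         = 30 * 60;                     # session lifetime in seconds

# Create a session for an already authenticated user; returns the session ID.
sub new_session {
    my ($user) = @_;
    open my $rnd, '<:raw', '/dev/urandom' or die "urandom: $!";
    (read($rnd, my $bytes, 16) || 0) == 16 or die "short read from urandom";
    close $rnd;
    my $sid = unpack 'H*', $bytes;             # 128 random bits as 32 hex characters
    # O_EXCL: never reuse or overwrite an existing session file
    sysopen my $fh, "$SESSION_DIR/$sid", O_WRONLY | O_CREAT | O_EXCL, 0600
        or die "session store: $!";
    print {$fh} time() + $TTL, "\n", $user, "\n";   # expiry first, so the user name cannot forge it
    close $fh or die "session store: $!";
    return $sid;
}

# Map a session ID received from the browser back to a user name, or undef.
sub session_user {
    my ($sid) = @_;
    # Accept only the exact format issued above, so the value cannot name another path
    return unless defined $sid && $sid =~ /\A[0-9a-f]{32}\z/;
    open my $fh, '<', "$SESSION_DIR/$sid" or return;
    my @rec = <$fh>; close $fh; chomp @rec;
    my ($expires, $user) = @rec;
    if (!defined $user || $expires < time()) { unlink "$SESSION_DIR/$sid"; return }
    return $user;
}

my $q = CGI->new;
if (($q->param('mode') || '') eq 'commit') {
    # ... verify the submitted user name and password, then write to the database ...
    my $sid    = new_session(scalar $q->param('user'));
    my $cookie = $q->cookie(-name => 'sid', -value => $sid, -httponly => 1, -secure => 1);
    # Only the mode appears in the address bar; the credentials are never sent back
    print $q->redirect(-uri => $q->url . '?mode=view', -cookie => $cookie, -status => '303 See Other');
} else {
    my $user = session_user(scalar $q->cookie('sid'));
    print $q->header('text/plain'), defined $user ? "Viewing as $user\n" : "Please log in\n";
}
```

Expired session files are only removed when their ID is presented again, so a periodic cleanup of the session directory is still needed.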