Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Comment on

( #3333=superdoc: print w/ replies, xml ) Need Help??
Two of the variables are the users username and password which i do not want to put in 'hidden' fields as this is not very secure
Eh? define "secure"... Does it mean that no-one will ever, ever be able to find out that information? or does it mean that it would never be worth anyone's while to find out that information?

To be honest, I think you're thinking in the wrong direction. You would certainly want to minimize the traffic of the users' names and passwords (ie never send the information more than once), and you should encrypt information while it's in transit (ie use SSL). The differences in security of HTML hidden fields and any other type of (HTTP) transmission I can think of are minimal.

The normal (and probably "best") way of doing it is something like this: offer the users an HTML form over SSL, in which they enter their identifying information -- their authentication -- you then check the supplied credentials, assign privileges -- their authorization -- and give the user a token (often an HTTP cookie) which you can verify to be correct and unmolested (eg via cryptographic signatures). That way, the username and password is only entered and passed once, and you check the validity of the cookie at each subsequent stage.

That's enough parentheses for one post... happy new year.


davis
Kids, you tried your hardest, and you failed miserably. The lesson is: Never try.

In reply to Re: Secure way of passing variables between forms by davis
in thread Secure way of passing variables between forms by colinb444

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • Outside of code tags, you may need to use entities for some characters:
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others musing on the Monastery: (11)
    As of 2014-08-01 09:09 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      My favorite superfluous repetitious redundant duplicative phrase is:









      Results (257 votes), past polls