in reply to Preventing changes on the

What if you trapped all calls to the page that did not have the proper query string by printing out an error page for each URL that did not match; something like:

#/usr/bin/perl use CGI qw(:standard); use strict; my $q=new CGI; # Check values from the query string unless ($q->param('user') eq 'foolish' && $q->param('id') eq '2') { print $q->header, $q->start_html(-title=>'Page not found'); print h2("This page was not found"), $q->end_html; exit; } # Real page code follows

This only works if the script were the first page called from a blank location line by a user. If you use the query string user=foolish&id=2 in a redirect, hidden value, or any other programmatic call to the script, the keys can easily be seen by anyone running the scripts. Then I think you will need one of the more hard-core authentication methods recommended above.

Live in the moment