On 2003-10-06, Steve Comrie <[EMAIL PROTECTED]> wrote:
> I know there's a couple people on the list that have mentioned it before and
> I haven't had a use for it up until now, but what techniques / CPAN modules
> are being used to encrypt static URL's to prevent URL hacking?
By static URL, I assume you mean a "GET" style query string, not just
the URL of a static page.
My applications tend to be (Postgres) database backed. Often I pass
around primary ids of table rows (instead of the data). Or, if a user
has some data that is specific to them, it can be stored in session
table, and just the session_id is passed. Lately, I've been using
CGI::Session for that, and I will be start using my own
CGI::Session::PureSQL module with it soon.
"PureSQL" stores data in the standard database way of one value per
column, rather than the default CGI::Session method of serializing all
the data into a Perl data structure in a single DB column. That will be
released on CPAN once its cleaned up a bit.
I noticed that someone wrote CGI::Session::Auth, which adds extra
functions to check for "logged_In" and so forth. I may look more into
that module as well.
Mark
--
http://mark.stosberg.com/
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/[EMAIL PROTECTED]/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
