The sensitive information comes from my Oracle database on the backend. I
could program the CGI script to get the information by only sending half
(say, the "key") through the URI and querying for the rest, but that, to me,
takes up potentially too many resources if there is a way that I can
securely pass the information, seeing as I already have it in my module.
And, as I have said, I would do an internal redirect, but I need to often
set a cookie at the same time as well, which is why a standard redirect is
potentially the best way to go.
Yes, cookies are stored in a flat file. Fortunately, all from my domain are
encrypted anyway. I just wanted to avoid setting this information in the
cookie, encrypted or not. Oh well...
Jason Simms
>Where do you get that sensitive information from? If it is originated >on
>your own server then why can't CGI script get it without mod_perl? >Or why
>can't you do internal redirect and put that information into >query string?
>It doesn't go outside of your server anyway.
>
>If it is coming from client machine then there's nothing secure about >it.
>Cookies are stored in flat file and anyone can see what you >hiding there.
>
>As to ENV variables. Could PassEnv directive have something to do >with
>that?
>
>Andrei
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
