in reply to web cgi forms data security...

In the past I have used the technique described by Mark Neilson in Issue 59 of the Linux Gazette. In (brief) summary, it uses Crypt::Blowfish to encrypt sensitive data in binary and then uses unpack to turn that binary format into ASCII (well, ok, a hex representation of the binary data) that can be placed into a URL. The receiving page then uses pack before Crypt::Blowfish decrypts it.

IMHO, the only downfall of this method as described is that the key is in plaintext in the perl files. As perl is an interepted language, anyone with permission to read these files can also obtain the key.

I agree that sensitive information should be placed into some store (such as a database) and retrieved using session.

==fx, Infinity is Colourless