[Pdx-pm] saving state with CGI.pm
poec at yahoo.com
Thu Nov 6 12:21:47 CST 2003
--- Austin Schutz <tex at off.org> wrote:
> have to save any state yourself and the user can go back to any part of the
> form at any point in the future and still access their data. You can set
> cookies at any part of your website and have them readable everywhere, sort
> of like global variables.
Er, sorry, but I have to say that this is a terrible idea.
(my credit card number and pin was stored in a cookie)
(Friendster stored password in cookie)
because a cookie revealed the location of her online journal)
You can read about those horror stories of storing user data in the cookies. One response might
be "store everything *but* sensitive data in the cookie", but at that point, it means you already
have a server-side mechanism for maintaining state and you no longer need to rely on the cookie.
Silence is Evil http://users.easystreet.com/ovid/philosophy/indexdecency.htm
Web Programming with Perl http://users.easystreet.com/ovid/cgi_course/
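
The server-side approach the reply argues for, as an added example that is not part of the original post: the cookie carries only a random session id, and the form data stays in a file on the server. The session directory, the cookie name `sid` and the form field `shipping_address` are assumptions, and `-secure` assumes the site is served over HTTPS.

```perl
use strict;
use warnings;
use CGI;
use Storable qw(lock_store lock_retrieve);

# Hypothetical path: outside the web root, readable only by the CGI user.
my $SESSION_DIR = '/var/lib/myapp/sessions';

# 128 bits from the kernel CSPRNG, hex-encoded; nothing about the user is in it.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    return unpack 'H*', $bytes;
}

# Accept only ids in the exact format we issue, so a forged cookie
# value can never be used as a path component.
sub valid_id { defined $_[0] && $_[0] =~ /\A[0-9a-f]{32}\z/ }

sub load_session {
    my ($id) = @_;
    return unless valid_id($id);
    my $file = "$SESSION_DIR/$id";
    return unless -f $file;
    return eval { lock_retrieve($file) };   # undef if the file is unreadable
}

sub save_session {
    my ($id, $data) = @_;
    die "bad session id" unless valid_id($id);
    lock_store($data, "$SESSION_DIR/$id");
}

my $q    = CGI->new;
my $id   = $q->cookie('sid');
my $data = load_session($id);
unless ($data) {                 # no cookie, forged id, or unknown session
    $id   = new_session_id();
    $data = {};
}

# Constructed form field: stored server-side, never copied into the cookie.
my $addr = $q->param('shipping_address');
$data->{shipping_address} = $addr if defined $addr;
save_session($id, $data);

my $cookie = $q->cookie(-name => 'sid', -value => $id, -path => '/',
                        -httponly => 1, -secure => 1);
print $q->header(-cookie => $cookie, -type => 'text/plain');
print "state saved\n";
```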