A project I'm working on needs a way to allow users to submit forms
in a secure fashion. The forms themselves may be widely distributed
and copied. The problem is when a user attempts to submit a form,
whence comes the authentication information required for the
The RIPEM & PEM/PGP authentication protocols for accessing restriced
files rightly place all of the information in the protocol. For form
submittal where the form would determine the authentication needed, it
seems sensible to place at least some information in the HTML source
itself, perhaps either in <HEAD> or <FORM>.
Assuming the form uses a method of post, should the authentication
information be tied to the CGI program and *not* to the server itself?
It is, after all, the CGI program which is handling the processing of
Has anyone worked on these issues?