What is SSL?

If I want people to use my Web Server and CGI passing in parameters which I don't want people to view?

E.g. http://myweb/cgi-bin/mycgi.cgi?pw=123456&user=me

With SSL helps? And if so, how does SSL do it?

>>I don't want people to view?

In which way? Look over shoulder? If so, use POST method instead of GET method.

URL encoding is nice for both users (because they can bookmark it, email it to friends, switch between browsers, and so forth) and for servers (because it's not tied ot a particluarl server if you're load balancing), but it does make a big ugly URL. In particular although Netscape and others allow around 8k of data in the url, Internet Explore limits you to 800 bytes, I believe.

Anyways, cookies and sessions are both good ways to do what you want. You can stuff as many vars as you want into the session and then keep track of what session they have either via a cookie stored on their system or via an ID in the URL, which is a little easier on the eyes and shorter. However, they gives you some more instability (if webserver restarts, they are forced back to logon page, for example) and peopel don't like cookies anyways.

sherman's info is good but the simplest answer (if I understand your question) is simply to use <FORM METHOD="post" .....> rather than <FORM METHOD="get" ....>. This will keep the variables hidden. SSL is a whole other topic if you wanted the actual data to be encrypted but it sounds like you just don't want the variables viewable in the URL window. The urlencode simply takes care of spaces and junk in the get string. I don't think URL encoding will "hide" the values.

If your data is not originating in a form but from a hypertext link then my suggestion won't work (but then again you shouldn't be sending passwords in a text link anyway...)

Hope this helps.