Sensitive values passed like this will always be open to attack.
Personally, I would store the values in the db and provide some operators to perform the manipulation on them. In this way you are 'passing' them via the db but without exposing the values.
So far as I understand there is no easy way to store a value in the db. Don't you need to create an object and store the value as an attribute? And there are the issues to do with creating and publishing the object on the fly (as shown in http://ez.no/community/contribs/hacks/one_click_new_object_and_publish_preview_hack).
I hope I am wrong here. Any pointers would be gratefully received.