 |  |  |  |  |  |  |  |
Small but serius Probs with GET method-- soln. urgent !
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
Here is a problem faced by me while handling the GET request method :
suppose the login form has user-id and password fields as text boxes. now after clicking on "sign-in" button the address bar of the following page(i.e the homepage of a particular member) shows:
<serverURL>.php?id=<someID>&pass=<somePass>
- where "id" and "pass" are the names of above mentioned textfields of login form. The technique works fine, except the password is clearly displayed in the address bar. Any person havig very little intelligence will at once decode it and know the password of the user beside him. Now my qtn is, how to tackle with this shortcoming ?
REMEMBER: I have to do it by GET method only, and not by POST !
suppose the login form has user-id and password fields as text boxes. now after clicking on "sign-in" button the address bar of the following page(i.e the homepage of a particular member) shows:
<serverURL>.php?id=<someID>&pass=<somePass>
- where "id" and "pass" are the names of above mentioned textfields of login form. The technique works fine, except the password is clearly displayed in the address bar. Any person havig very little intelligence will at once decode it and know the password of the user beside him. Now my qtn is, how to tackle with this shortcoming ?
REMEMBER: I have to do it by GET method only, and not by POST !
I don't see why you can't use GET, but, serialize/encyrpt the password first. It's easy to do in PHP, but as you have to do it client side, hopefully there is some javascript md5 function.
Another solution would be to send the form data to a hidden iframe which first handles the data. You can then either do what you were intending in the hidden iframe, or you can simply process the URL, use PHP to convert the password to md5 then pass it on to the page you'd originally intended.
The IFrame would redirect to <serverURL>.php?id=<someID>&pass=DF098er3DKjD6798daDDF
Another solution would be to send the form data to a hidden iframe which first handles the data. You can then either do what you were intending in the hidden iframe, or you can simply process the URL, use PHP to convert the password to md5 then pass it on to the page you'd originally intended.
The IFrame would redirect to <serverURL>.php?id=<someID>&pass=DF098er3DKjD6798daDDF
I honostly can't stand computers, networks, hardware, software, databases, programming languages, php, c++, mysql, windows, linux, macs, solaris, processors, protocols, servers, clients, chats, ims, emails, and so forth and so on; but I find myself rather intrigued...
•
•
Join Date: Jul 2004
Posts: 494
Reputation: 
Solved Threads: 21
Posting Pro in Training
Truely encrypt your password before sending. Don't just hash it, and don't use the password passed through the URL.
Remember, when programming on the web, it's always a good idea to program as if somone can see your source code.
Remember, when programming on the web, it's always a good idea to program as if somone can see your source code.
www.uncreativelabs.net
Old computers are getting to be a lost art. Here at Uncreative Labs, we still enjoy using the old computers. Sometimes we want to see how far a particular system can go, other times we use a stock system to remind ourselves of what we once had.
Old computers are getting to be a lost art. Here at Uncreative Labs, we still enjoy using the old computers. Sometimes we want to see how far a particular system can go, other times we use a stock system to remind ourselves of what we once had.
|
Similar Threads
- encryption speed problem (C#)
- Small but Serius Probs with GET req. method ! (HTML and CSS)
- Keeping Python window "on top" of others (Python)
- Tell us about yourself! (Community Introductions)
- Java Applet viewer blinks everytime the init method is used. (Java)
Other Threads in the PHP Forum
- Previous Thread: Persistence Layer in PHP
- Next Thread: How to get continent->country->city data.
| Thread Tools | Search this Thread |
Latest PHP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for PHP
.htaccess access ajax apache api array basics beginner binary broken cakephp checkbox class cms code cron curl database date datepart directory display download dynamic echo email error file files folder form forms function functions google head href htaccess html image include insert integration ip java javascript joomla limit link list login loop mail menu mlm mod_rewrite multiple mysql number oop parse password paypal pdf php phpmyadmin problem query radio random recourse recursion regex remote script search seo server sessions sms soap source space sql structure syntax system table tutorial update upload url validation validator variable video web webdesign xml youtube
