Small but serius Probs with GET method-- soln. urgent !

Here is a problem faced by me while handling the GET request method :

suppose the login form has user-id and password fields as text boxes. now after clicking on "sign-in" button the address bar of the following page(i.e the homepage of a particular member) shows:

.php?id=&pass=

- where "id" and "pass" are the names of above mentioned textfields of login form. The technique works fine, except the password is clearly displayed in the address bar. Any person havig very little intelligence will at once decode it and know the password of the user beside him. Now my qtn is, how to tackle with this shortcoming ?

REMEMBER: I have to do it by GET method only, and not by POST !

mahul000

Newbie Poster

8 posts since Sep 2006

Reputation Points: 10

Solved Threads: 0

5 Years Ago

I don't see why you can't use GET, but, serialize/encyrpt the password first. It's easy to do in PHP, but as you have to do it client side, hopefully there is some javascript md5 function.

Another solution would be to send the form data to a hidden iframe which first handles the data. You can then either do what you were intending in the hidden iframe, or you can simply process the URL, use PHP to convert the password to md5 then pass it on to the page you'd originally intended.

The IFrame would redirect to .php?id=&pass=DF098er3DKjD6798daDDF

mmonaco27

Light Poster

43 posts since Sep 2006

Reputation Points: 10

Solved Threads: 0

5 Years Ago

Truely encrypt your password before sending. Don't just hash it, and don't use the password passed through the URL.

Remember, when programming on the web, it's always a good idea to program as if somone can see your source code.

Puckdropper

Posting Pro

500 posts since Jul 2004

Reputation Points: 23

Solved Threads: 23

This article has been dead for over three months

You