Question:
About password in PHP?
abinawale
2007-03-29 12:34:16 UTC
I am using PHP to enter the username and password into the database, but the problem is that when I submit the form, the password and username are shown in the address bar. I used crypt(), encrypt(), base64_encrypt and others to make it unknown to other viewers, but it's not working. Can anyone help me with this problem?

Thanking in advance
abin awale
Four answers:
anonymous
2007-03-29 17:16:03 UTC
Take into account that PHP is server-side, so how can the page encrypt the password prior to getting to the server? Encrypt it using VBScript or JavaScript prior to even sending it. Use the encryption methods only to write your password data to the DB. md5() works well also.
Fabian
2007-03-29 12:51:04 UTC
Using the POST method only serves to hide the data from the user. The password is still interceptable by a third party and still sent in the clear.

If you are really worried about this happening, use an SSL connection for this area of your site.

(that's https://...)

I don't see what use crypt etc. would be, as that is back-end processing and the transmission of the password is invoked on the front end. You would have to use JavaScript to obfuscate the form data before sending if you really wanted to do it this way.

On that note, worth considering is this:

Often a password is stored in the database as a hash (e.g. MD5). You could perform this hash on the front end with JavaScript, then nothing outside of the user's web browser will ever know the password.
Rex M
2007-03-29 12:40:01 UTC
Use POST instead of GET in your form method.

Keep in mind, of course, that POST only places the data into the request header instead of the URL querystring, so it's still readable by anyone standing between the client and the server. Your best option is to use SSL or use a token-key-hash method to secure the password with JavaScript on the client computer before it's sent.
Jaxbot
2007-03-29 13:49:04 UTC
The problem probably is that you're using $_GET and not $_POST.

Try using $_POST instead, and set your
.

Hope this helps.
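
An added example, not part of any answer above and not the posters' code: a PHP handler that refuses credentials in the URL, requires POST over HTTPS, and stores the password with `password_hash()` in place of the `md5()` mentioned in the thread. The form field names, the `users` table and the `users.db` SQLite file are assumptions.

```php
<?php
declare(strict_types=1);
// Returns [status, message] for a rejected request, or null when acceptable.
function check_request(array $server, array $get, array $post): ?array
{
    // Query-string values show in the address bar, browser history and server logs.
    if (isset($get['username']) || isset($get['password'])) {
        return [400, 'credentials must not be sent in the URL'];
    }
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [405, 'submit the form with method="post"'];
    }
    // A POST body is still cleartext on the wire unless the connection is TLS.
    if (in_array(strtolower((string)($server['HTTPS'] ?? '')), ['', 'off'], true)) {
        return [403, 'HTTPS required'];
    }
    foreach (['username', 'password'] as $field) {
        if (!is_string($post[$field] ?? null) || $post[$field] === '') {
            return [400, "missing $field"];
        }
    }
    return null;
}

function register_user(PDO $db, string $username, string $password): void
{
    // Salted, slow hash (bcrypt by default) instead of md5().
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')->execute([$username, $hash]);
}

function verify_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

if (PHP_SAPI !== 'cli') { // constructed wiring: users.db and its schema are assumptions
    if (($err = check_request($_SERVER, $_GET, $_POST)) !== null) {
        http_response_code($err[0]);
        exit($err[1]);
    }
    $db = new PDO('sqlite:' . __DIR__ . '/users.db', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE IF NOT EXISTS users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    register_user($db, $_POST['username'], $_POST['password']);
    echo 'registered';
}
```

The matching form needs `method="post"` and an `https://` action; `verify_login()` is what a login page would call with the submitted password.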


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.