Php question. if a user types a username and password in html form. Is it safe to retrieve it via php post?
Aintitthetruth
2008-09-04 19:30:20 UTC
Will the html form data be sent to php in a secure way or can anyone see the username and password being transmited.
Three answers:
anonymous
2008-09-04 19:37:35 UTC
Nope.
anonymous
2008-09-04 20:03:17 UTC
The field values are sent in the HTTP header and are handled by your PHP script when they arrive at the server. Unfortunately, they travel across that connection in plain text most of the time.
If you're concerned about the security of the data, you need to use an SSL connection to encrypt the data.
The other option is to do the data verification and encryption on the client (browser) side using Javascript. This isn't a really good option because Javascript isn't not the best language for data verification.
Brian K
2008-09-04 20:09:27 UTC
There are two typical requirements for basic security when sending passwords from HTML forms:
1) Use method POST rather than method GET to prevent the name and password from being part of the URL (and appearing in request logs), and
2) Use HTTPS (secure HTTP) rather than plain HTTP so that the form data is encrypted during transmission. Your server must be configured to support this.
ⓘ
This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.