xxreenaxx1 Posted February 22, 2010

What is the simple change you can make to prevent a possible security exposure?

```html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>New Customer Registration Form</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<form action="ma801rr_process.php" method="post">
<p>Title<select name="title">
<option value="Mr">Mr</option>
<option value="Mrs">Mrs</option>
<option value="Ms">Ms</option>
<option value="Dr">Dr</option>
<option value="Prof">Prof</option>
</select>
<p>First name:</p>
<p><input name="forename" type="text" size="20" /></p>
<p>Family name:</p>
<p><input name="surname" type="text" size="20" /></p>
<p>Address:</p>
<p><input name="address" cols="20" row="4"></input></p>
<p><input type="submit" value="Click" name="submit" /></p>
<input type="hidden" name="submitted" value="true" />
</form>
</body>
</html>
```

```php
<?php
// handle_reg_form.php
$title = $_POST['title'];
$forename = $_POST['forename'];
$surname = $_POST['surname'];
$address = $_POST['address'];
setcookie('title',$title);
setcookie('forename',$forename);
setcookie('surname',$surname);
setcookie('address',$address);
print '<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Hello New Customer</title>
</head>
<body>';
print "<p>Hello $title $forename $surname of $address </p>";
//print '</body></html>'
?>
```

ialsoagree Posted February 22, 2010

Could you clarify your question? Right now, all you've shown is that you have a form that submits data that is then echoed back to the user.

To transfer this data between the user and your server securely you would use SSL (Secure Socket Layer) which is a type of HTTP protocol (specifically, HTTPS). This has nothing to do with PHP.

xxreenaxx1 (Author) Posted February 22, 2010

Well, the teacher who taught me told me something about cookies. If you remove something from this code, it will let the hacker hack in and get the information from the file. So I was wondering which part of the information should be removed. I also remember him telling me something about setting cookies to have a time, such that they are erased after the time expires.

ialsoagree Posted February 22, 2010

You are saving cookie data (which is no more or less secure than any other data in an HTTP request - once again, the kind of security you're looking for in terms of cookies is not related to PHP, it's a protocol issue of HTTP vs. HTTPS, which uses SSL, a many to 1 encryption method).

A hacker can no easier gain access to the user's cookie (unless they have access to the user's computer, but that's a different story entirely) than they can the response from the server.

Unless there's PHP you're not showing us (where information is stored anywhere other than a cookie) there's nothing in PHP you can do to add extra security (except encrypting the data before storing it in the cookie - but once again this only protects if the user's computer is compromised since you're printing the information in the cookie directly to the browser as plain text).

As far as cookie expiration, not setting a time tells the browser to delete the cookie when the browser is closed. Otherwise, setting a time tells the computer to delete the cookie after the expiration date.
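
Added example, not part of the thread or any poster's code: a variant of the `handle_reg_form.php` handler from the first post that gives the cookies an expiry plus the Secure, HttpOnly and SameSite flags (the replies discuss expiry and HTTPS) and HTML-escapes the submitted values before echoing them back. The one-hour lifetime, the 200-byte cap, the helper names `field()` and `h()`, and PHP 7.3+ are assumptions.

```php
<?php
// Hardened variant of handle_reg_form.php (added example; assumes PHP 7.3+ and HTTPS).
const FIELDS = ['title', 'forename', 'surname', 'address'];
const ALLOWED_TITLES = ['Mr', 'Mrs', 'Ms', 'Dr', 'Prof'];  // the form's <option> values
const COOKIE_LIFETIME = 3600;                              // assumed value: one hour

// Read one POST field as a trimmed string capped at $max bytes; non-strings become ''.
function field(string $name, int $max = 200): string
{
    $value = $_POST[$name] ?? '';
    return is_string($value) ? substr(trim($value), 0, $max) : '';
}

// Escape a value for use in HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$data = [];
foreach (FIELDS as $name) {
    $data[$name] = field($name);
}
// The title comes from a <select>, so accept only the values the form offers.
if (!in_array($data['title'], ALLOWED_TITLES, true)) {
    $data['title'] = '';
}

// setcookie() must run before any output is sent.
foreach ($data as $name => $value) {
    setcookie($name, $value, [
        'expires'  => time() + COOKIE_LIFETIME, // omit for a cookie dropped at browser close
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Hello New Customer</title>
</head>
<body>
<p>Hello <?= h($data['title']) ?> <?= h($data['forename']) ?> <?= h($data['surname']) ?> of <?= h($data['address']) ?></p>
</body>
</html>
```

With `secure` set to true, the browser will not return these cookies over plain HTTP, so the form and the handler both need to be served over HTTPS.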
This topic is now archived and is closed to further replies.