hlstriker Posted May 1, 2007 Share Posted May 1, 2007 Hi, I read somewhere that when passing a variable through a link it makes the site insecure. Is this true, if it is how do I make it secure? Also, can people list other security breaches that a newbie should know and the fixes please. Quote Link to comment Share on other sites More sharing options...
twooton Posted May 1, 2007 Share Posted May 1, 2007 what they mean is that when you're passing varibles through a link, the user can see your varibles. So if you had www.foo.com/index.php?username=bob&password=test, users would be able to see the varibles and their values. If you use a POST method instead of GET (<form action="?" method="post">), your varibles are "hidden" and do not appear in the link Quote Link to comment Share on other sites More sharing options...
genericnumber1 Posted May 1, 2007 Share Posted May 1, 2007 There's an even bigger risk of them/whoever is with them seeing the values they submitted. Their browser will pass along the url of the linking page in the "referrer"(sic) header and the other website can see the info in the url. Quote Link to comment Share on other sites More sharing options...
hlstriker Posted May 1, 2007 Author Share Posted May 1, 2007 Oh, I heard that people could enter a website in the spot the id is supposed to go, and then they could run scripts on my site or something? Quote Link to comment Share on other sites More sharing options...
john010117 Posted May 1, 2007 Share Posted May 1, 2007 Instead of using links, make a simple form and pass the variables with the POST method instead. Ex: <form action="link.php" method="POST"> ...Form code goes here... </form> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.