Passing vars through link security?

hlstriker · May 1, 2007

Hi, I read somewhere that when passing a variable through a link it makes the site insecure. Is this true, if it is how do I make it secure?

Also, can people list other security breaches that a newbie should know and the fixes please.

twooton · May 1, 2007

what they mean is that when you're passing varibles through a link, the user can see your varibles. So if you had www.foo.com/index.php?username=bob&password=test, users would be able to see the varibles and their values. If you use a POST method instead of GET (<form action="?" method="post">), your varibles are "hidden" and do not appear in the link

genericnumber1 · May 1, 2007

There's an even bigger risk of them/whoever is with them seeing the values they submitted. Their browser will pass along the url of the linking page in the "referrer"(sic) header and the other website can see the info in the url.

hlstriker · May 1, 2007

Oh, I heard that people could enter a website in the spot the id is supposed to go, and then they could run scripts on my site or something?

john010117 · May 1, 2007

Instead of using links, make a simple form and pass the variables with the POST method instead. Ex:

<form action="link.php" method="POST">
...Form code goes here...
</form>

Sign In

Passing vars through link security?

Recommended Posts

hlstriker

Link to comment

Share on other sites

twooton

Link to comment

Share on other sites

genericnumber1

Link to comment

Share on other sites

hlstriker

Link to comment

Share on other sites

john010117

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information