Jump to content


Photo

php form: method="POST" - security


  • Please log in to reply
3 replies to this topic

#1 quasiman

quasiman
  • Members
  • PipPipPip
  • Advanced Member
  • 194 posts
  • LocationPortland, Oregon

Posted 27 April 2006 - 11:52 PM

I'm starting out to make a system for people to save login/password information to a database (mysql) - basically a place to check all their pop3 email accounts from one login on my system.

I'll need the passwords in plain text so they can be passed correctly to the server for login details(IE: not md5), is it safe to post passwords through a hidden field form?

#2 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 28 April 2006 - 12:06 AM

No. People will be able to see them by doing a show source. Using sessions are a little more secure, but since sessions are stored in files, they can be read.

We'll need a little more information before we can advise you how to do this securely.

Ken

#3 quasiman

quasiman
  • Members
  • PipPipPip
  • Advanced Member
  • 194 posts
  • LocationPortland, Oregon

Posted 28 April 2006 - 12:11 AM

[!--quoteo(post=369403:date=Apr 27 2006, 07:06 PM:name=kenrbnsn)--][div class=\'quotetop\']QUOTE(kenrbnsn @ Apr 27 2006, 07:06 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
No. People will be able to see them by doing a show source. Using sessions are a little more secure, but since sessions are stored in files, they can be read.

We'll need a little more information before we can advise you how to do this securely.

Ken
[/quote]

The users would need to first create an account and login, then they would only see their own details for each page. Using foreign keys to have seperate tables for my users and their pop3 login details. If a person isn't logged in, they wouldn't see anything about it in the source.


Sorry I wasn't more clear...

#4 quasiman

quasiman
  • Members
  • PipPipPip
  • Advanced Member
  • 194 posts
  • LocationPortland, Oregon

Posted 28 April 2006 - 10:17 PM

*bump*




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users