Username and Password Exposed
Moderator: General Moderators
- Love_Daddy
- Forum Commoner
- Posts: 61
- Joined: Wed Jul 10, 2002 6:55 am
- Location: South Africa
- Contact:
Username and Password Exposed
Hi Guys,
I have written a script to authenticate the username and password using forms.
So my problem is, when everything is okay, my username and password are displayed on the location
bar. that it'll give something like this:
http://localhost/login.php?username=Rom ... word=xxxxx
So how do I hide that?
I have written a script to authenticate the username and password using forms.
So my problem is, when everything is okay, my username and password are displayed on the location
bar. that it'll give something like this:
http://localhost/login.php?username=Rom ... word=xxxxx
So how do I hide that?
What I did with 1 of my scripts is to give every user a randomly generated code, and put that in the url along with other data... so you'd get. index.php?U=58DB9g Or something similar. If you use lots of letters and number the ammount of possible combos is such that it becomes... well not 100% secure, but hard enough to crack imho
- Love_Daddy
- Forum Commoner
- Posts: 61
- Joined: Wed Jul 10, 2002 6:55 am
- Location: South Africa
- Contact:
- gite_ashish
- Forum Contributor
- Posts: 118
- Joined: Sat Aug 31, 2002 11:38 am
- Location: India
hi,
Either there is some problem with FORM submittion
-OR-
the URL http://localhost/login.php?username=Rom ... word=xxxxx is not the result of what we are talking about.
The FORM variaables are NOT displayed in the Query String (location bar) while using the POST method !I'm using the Post-Method,
Either there is some problem with FORM submittion
-OR-
the URL http://localhost/login.php?username=Rom ... word=xxxxx is not the result of what we are talking about.
http://localhost/login.php?username=Rom ... word=xxxxx
login.php and a login/password-pair made me think it concerns a login procedure
login.php and a login/password-pair made me think it concerns a login procedure