Hi all,
This isn't strictly a PHP issue but is quite related. Given that you have
a PHP-driven web site with user authorization and session identifiers etc.,
what can you do to prevent electronic "snooping" of the clear text password
that is passed from the browser to the server? When filling out a form,
for example:
Enter your user name and password:
...
<FORM ACTION="<?=$PHP_SELF?>" METHOD="POST">
<B>User Name:</B><BR>
<INPUT TYPE="TEXT" NAME="newusername" VALUE="" SIZE="10" MAXLENGTH="15">
<P>
<B>Password:</B><BR>
<INPUT TYPE="password" NAME="newpassword" VALUE="" SIZE="10" MAXLENGTH="15">
<P>
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login">
</FORM>
...
the TYPE="password" makes sure the browser doesn't echo the password as it
is typed but it is still sent to the web server as clear text. How do
folks deal with this issue?
Thanks,
Bill
---
Bill Rausch, Software Development, Unix, Mac, Windows
Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
