> On my site, when a user logs in, their password is encrypted using md5() and
> the username and encrypted password are then passed from page to page using
> hidden form inputs (clicking on a link submits the form using POST).
> Does anyone have any comments on this method e.g. security-wise? I know I
> could use sessions or cookies but is it really necessary?

Well, I can still 'sniff' their encrypted password and then hijack that session, or walk into the public library and take the cookies from your site...

Won't work for Fort Knox, but might be fine for your needs.

What are you trying to guard?

--
Like Music? http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
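
The sessions alternative mentioned in the question, as an added example that is not part of the original thread: the browser holds only a random session ID in a cookie restricted to HTTPS, and the identity stays on the server, with an idle timeout for the shared-computer case raised in the reply. The `$users` array, the function names and the 900-second limit are assumptions made for illustration.

```php
<?php
// Added example. $users is a constructed in-memory store; a real site would
// look the hash up in its own user table.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

session_set_cookie_params([
    'secure'   => true,   // cookie is only sent over HTTPS, so it is not sniffable in clear text
    'httponly' => true,   // not readable from page scripts
    'samesite' => 'Lax',
]);
session_start();

function login(array $users, string $user, string $password): bool
{
    $hash = $users[$user] ?? '';              // unknown user: verify fails on the empty hash
    if (!password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);              // fresh ID at login, old one is discarded
    $_SESSION['user'] = $user;                // identity is stored server-side only
    $_SESSION['last_seen'] = time();
    return true;
}

function current_user(int $idleLimit = 900): ?string
{
    if (!isset($_SESSION['user'], $_SESSION['last_seen'])) {
        return null;
    }
    if (time() - $_SESSION['last_seen'] > $idleLimit) {
        logout();                             // session left open on a shared PC expires
        return null;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['user'];
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['user'], $_POST['password'])) {
    login($users, (string) $_POST['user'], (string) $_POST['password']);
}
$user = current_user();
echo $user === null ? 'Not logged in' : 'Hello, ' . htmlspecialchars($user);
```

Unlike an md5() value carried in a hidden field, the session ID stops working after logout or timeout and never contains anything derived from the password.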