If security is an issue, then HTTP should not be used to transport the HTML request at all, but rather HTTPS. The HTTPS session should be initiated with the login page, and then it is up to the key strenght and local browser settings to ensure whatever security and integrity needed. In any cases, Nik should uses POST to solve the problem he adress with his questions. Wheather he then further wants to protect his passwd is another matter, but Piotr points out: hidding the passwd with the browser is merely protecting the passwd from being read while typing it in. For the rest "anybody" is free to snoop the TCP/IP traffic and extract the passwd information. -----Original Message----- From: Donatas To: php-windows@lists.php.net Sent: 2003-11-23 09:44 Subject: Re: Password Protecting How do you MD5 it before sendig out to server? Is that possible on the user side? I guess not... Piotr Pluciennik wrote: >Your form is set to GET mode. Your form should work in POST mode. >Think also to MD5 your password before sending over internet. > >HTH >Piotr > >Nik wrote: > > > >>Hi Guys 'n' Gals >>My login page for my user consits of a text field and a password field. when >>the user clicks submit the password is being shown in the url, can someone >>please tell me how to hide this password. >> >>Thank you >>Nik >> >>-- >>PHP Windows Mailing List (http://www.php.net/) >>To unsubscribe, visit: http://www.php.net/unsub.php >> >> -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
