deleted 31 characters in body

Checking passwords / sending passwords via $_GET (in URL) is an absolute no-go. You have to send those credentials via $_POST, using a <form> or Ajax. You also don't need to use strcmp(); a simple comparison, for example if("pw" === "pw"), is enough.

Why are $_GET or passwords in the URL bad? So many reasons, it is just evil. For example, everything that logs between you and the website (your browser, your provider, proxy, VPN, etc.) can see the password, even when your site uses https.

Another thing is that you should never ever save a password in plain text, wherever it is possible. Always use a hashing algorithm with salts. Example: http://php.net/manual/en/function.password-hash.php
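
An added example (not part of the original answer): a PHP login check that refuses credentials in the query string, accepts them only from the POST body, and verifies them against a salted hash created with password_hash(). The function name check_login, the in-memory $users array and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample user store: only the salted hash is kept, never the password.
// password_hash() generates a random salt and embeds it in the returned string.
$users = ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];

/**
 * Hypothetical login check. $method, $query and $body stand in for
 * $_SERVER['REQUEST_METHOD'], $_GET and $_POST so the script runs from the CLI.
 */
function check_login(string $method, array $query, array $body, array $users): string
{
    // Credentials in the URL end up in browser history and access logs: refuse them.
    if (isset($query['user']) || isset($query['password'])) {
        return 'rejected: credentials must not be sent in the URL';
    }
    if ($method !== 'POST') {
        return 'rejected: POST required';
    }
    $user = $body['user'] ?? null;
    $password = $body['password'] ?? null;
    // Form fields can arrive as arrays (password[]=x); accept strings only.
    if (!is_string($user) || !is_string($password)) {
        return 'rejected: malformed input';
    }
    // password_verify() re-hashes the input with the stored salt and compares.
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return 'rejected: wrong user or password';
    }
    return 'ok';
}

// Constructed requests: URL credentials, array input, wrong password, valid login.
echo check_login('GET', ['user' => 'alice', 'password' => 'correct horse battery'], [], $users), "\n";
echo check_login('POST', [], ['user' => 'alice', 'password' => ['x']], $users), "\n";
echo check_login('POST', [], ['user' => 'alice', 'password' => 'wrong'], $users), "\n";
echo check_login('POST', [], ['user' => 'alice', 'password' => 'correct horse battery'], $users), "\n";
```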


added 179 characters in body

Checking passwords / sending passwords via $_GET (in URL) is an absolute no-go. You have to send those credentials via $_POST, using a <form> or Ajax. You also don't need to use strcmp(); a simple comparison, for example if("pw" === "pw"), is enough.

Why are $_GET or passwords in the URL bad? So many reasons, it is just evil. For example, everything that logs between you and the website (your provider, proxy, VPN, etc.) can see the password, even when your site uses https.

Another thing is that you should never ever save a password in plain text, wherever it is possible. Always use a hashing algorithm with salts. Example: http://php.net/manual/en/function.password-hash.php


added 179 characters in body

Checking passwords / sending passwords via $_GET (in URL) is an absolute no-go. You have to send those credentials via $_POST, using a <form> or Ajax. You also don't need to use strcmp(); a simple comparison, for example if("pw" === "pw"), is enough.

Why are $_GET or passwords in the URL bad? So many reasons, it is just evil. For example, everything that logs between you and the website (your provider, proxy, VPN, etc.) can see the password, even when your site uses https.
