How safe is the "<input type="password"

michelleqw

Programmer
Jan 4, 2004
DE
Dear PHP users,

To move data to another page we are using the form action method Post. How safe is it to send with the help of this system a password to another page?
For the input of the password we are using: "<input type="password".

Are there other possibilities to check a password, via MySQL, on the input page? PHP doesn't have the click event!

Nice regards,

Michelle.
 
Just because you are using PHP it doesn't mean you can't add a little java. Code in what you want... with imagination anything is possible, with PHP *everything* is possible.



______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.
 
You need to understand the disconnected, client-server architecture of browsing a website. When a client browser makes a request to a webserver and the webserver serves the HTML document back to the browser, the connection no longer exists. There is nothing live between the client (browser) and server (web server). A new, independent connection is made every time the browser navigates to another page -- whether on the same webserver or other web servers. Of course there are tricks using session variables that are passed back and forth between each connection to simulate state--and it works well.

The point is, right now, you have page1 with a form. Page1 submits to page2. The form on page1 contains a type=password input field. You want the password to be as secure as possible. You wonder about the possibility for the server to communicate directly with page1 rather than submit page1 to page2 -- I assume your thinking is that then the password would not be submitted over the network and Internet. BUT, there is not any communication between the client and server unless the client submits to the server. (A true Java app is an exception to this -- and this is why the other poster mentions using Java. I know nothing about Java unfortunately.)

The type=password field provides simple security in not displaying the characters on screen, but when transmitted to the webserver over the network, it is plain text. The most standard solution for securing data during transmission is to use SSL (HTTPS). SSL requires having an SSL certificate configured on the webserver. You'll notice most any online commerce system uses HTTPS whenever dealing with login and credit card data. This prevents useful data from being hijacked during transmission. For help with SSL, I'm sure there are plenty of threads regarding that.
 