Well, believe it or not, I'm going to ask
"Is using $_GET with passwords secure?"
e.g.: http://www.mysite.com/login.php?user...&password=PASS
Someone once said it's not secure to carry passwords in the URL, but I can't see what could go wrong. Can someone tell me why I shouldn't do this?
How about the fact that the password is now openly visible to anyone just walking by? Also, how about the fact that the page could be cached, URL and all? It would also be much much easier for someone to hack into an account.
Let's put it this way, if YOU can see the password... so can everybody else. It's best to use the post method to pass passwords to another page.
Or store an encrypted version of the password in the session.
Full access? Can you explain to me how you would get full access just by having the password in the URL?
Anyway, it's for a mailing list I created. I was gonna have it so that at the bottom of each email sent there was a link people could click to stop the emails. Then I thought maybe I should make them log in 'cause I don't want anybody stopping anybody's emails. Hence the thought of password in URL.
When I said full access I just meant the same access any member to the site would have. I wasn't meaning I'd have the same access as you have to the site. The comment was really meant as humor. My apologies if it didn't come across that way.
I think we all agree that you should use post instead of get. Some simple scenarios for what could happen with get.
1. I'm part of your mailing list. You send me that link with the user/pass info in the url. Ok so it's my user/pass so what. Upon seeing that you use it in the url I can start typing in guesses for other people's user/pass to try to login as someone else. I assume since you have user/pass info in the first place you only want people logging in as themselves.
2. Someone logs into your site from a public computer, maybe at a school or library. The next person who comes by looks at the browser history and the url with user/pass info is included. That person can now log in to the site anytime they want.
Both of these scenarios don't even mention someone who deliberately sets out to get into your site. Discovering usernames and passwords isn't really difficult given that most people use very common words as passwords. By using get you're creating a window for anyone who wants to login to your site.
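Added example, not code from any poster in this thread: a sketch of a `login.php` that takes the credentials only from the POST body, refuses them in the query string, and redirects after a successful login so no URL in the browser history or a cache carries the password. The `find_password_hash()` helper, the `alice` account, its password and the `/members.php` target are assumptions made up for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical user store (constructed sample data): username => password hash.
// A real site would read the stored hash from its database instead.
function find_password_hash(string $user): ?string
{
    static $users = null;
    if ($users === null) {
        $users = ['alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];
    }
    return $users[$user] ?? null;
}

// Login pages and responses should not be stored by the browser or a proxy.
header('Cache-Control: no-store');

// Reject credentials in the URL outright, so login.php?user=...&password=...
// never works and nobody is tempted to link or bookmark it.
if (isset($_GET['user']) || isset($_GET['password'])) {
    http_response_code(400);
    exit('Send credentials in the POST body, not in the URL.');
}

// Anything other than a POST just gets the form.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    echo '<form method="post" action="login.php">'
       . '<input name="user"> <input name="password" type="password">'
       . '<button>Log in</button></form>';
    exit;
}

$user = $_POST['user'] ?? '';
$pass = $_POST['password'] ?? '';
$hash = is_string($user) ? find_password_hash($user) : null;

if ($hash !== null && is_string($pass) && password_verify($pass, $hash)) {
    session_start();
    session_regenerate_id(true);   // new session id after authentication
    $_SESSION['user'] = $user;     // keep who is logged in, never the password
    // 303 makes the browser follow up with a GET to a credential-free URL.
    header('Location: /members.php', true, 303);   // hypothetical target page
    exit;
}

http_response_code(401);
echo 'Invalid username or password.';
```

POST keeps the password out of the address bar, history and cached URLs, but it is still sent in the clear unless the form is served and submitted over HTTPS.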