开发者

How to establish a secure page transfer using a form?

开发者 https://www.devze.com 2023-04-06 18:33 出处:网络
I have i开发者_如何学Pythonndex.php and I have a login form: <form method=post action=\"login.php\" id=\"login\">

I have i开发者_如何学Pythonndex.php and I have a login form:

<form method=post action="login.php" id="login">
 <input type="text" size="16" maxlength="30" name="login" id="login_user" />
 <input type="password" name="pass" id="login_pass"/>
 <input name="msubmit" type="submit" value="Login" />
</form>

How can I make sure that the form gets processed through a secure line?

Do I have to add https://?

<form method=post action="https://test.com/login.php" id="login"

Any ideas?

Thanks.


Yes, the best way is to specify https:

<form method="post" action="https://domain.com/login.php" id="login">
    <input type="text" size="16" maxlength="30" name="login" id="login_user" />
    <input type="password" name="pass" id="login_pass" />
    <input name="msubmit" type="submit" value="Login" />
</form>

Even if index.php was served through a secure channel, it is good practice to explicitly specify https on the post action because this is the request which sends sensitive data over the wire. But it is also recommended to have index.php served through https only.


Use https protocol. Also treat all the parameters as tainted - and get the PHP script to process them in a responsible fashion.

*I.e. parse (regular expressions) them and escape them if necessary when using a database/command line *

0

精彩评论

暂无评论...
验证码 换一张
取 消