I have i开发者_如何学Pythonndex.php
and I have a login form:
<form method=post action="login.php" id="login">
<input type="text" size="16" maxlength="30" name="login" id="login_user" />
<input type="password" name="pass" id="login_pass"/>
<input name="msubmit" type="submit" value="Login" />
</form>
How can I make sure that the form gets processed through a secure line?
Do I have to add https://
?
<form method=post action="https://test.com/login.php" id="login"
Any ideas?
Thanks.
Yes, the best way is to specify https
:
<form method="post" action="https://domain.com/login.php" id="login">
<input type="text" size="16" maxlength="30" name="login" id="login_user" />
<input type="password" name="pass" id="login_pass" />
<input name="msubmit" type="submit" value="Login" />
</form>
Even if index.php
was served through a secure channel, it is good practice to explicitly specify https
on the post action because this is the request which sends sensitive data over the wire. But it is also recommended to have index.php
served through https
only.
Use https protocol. Also treat all the parameters as tainted
- and get the PHP script to process them in a responsible fashion.
*I.e. parse (regular expressions) them and escape them if necessary when using a database/command line *
精彩评论