send encrypted vars without javascript

narcis

This is my first message on this forum.
I want secure a web site, using php session, I use something like this (very summary, ofcourse):

session_start();
if (session_is_registered('name'))
{
//here is code for registered session
}
else
{
//here I use a form with user, password and submit button

}

My problem is: how secure is let explorer send to internet a line like this: mypage.php?user=username&pass=mypass

I thought this can be easy intercepted (???)
I saw many pages using java procedure for encrypyt variables.

It is possible do not use javascript ?

Thanx for any suggestion, link or advice

bad76

Welcome,
if you use method=post in the form, you can submit without show the variables in statusbar. And without using JS...

If your problem is an intercept on the line between client and server, you have to use a secure protocol, like HTTPS.

Encrypt before send is useless: an interceptor can intercept the encrypted code and submit this...

I hope this helps...