Encryption

CybJunior

Hi.
The password and login are sent by GET and that makes them viewable in the address bar. Can i encrypt them somehow without using POST. So they would look like aDyfd7ybf87sNgF7dnf7dJ ? I know that there's some kind of md5 encryption but how do i use it? I just want to know if there is some function like encrypt($password) or something?
Thanks in advance.

thorpe

probably easiest to use base64. just remember, this isn't really making things any safer.

CybJunior

The thing is that the passwords and logins in the database are not encoded and when i use action=\"?block=order&pass=".base64_encode($password)."&email=".base64_encode($email)
they dont match.

thorpe

just decode them at the other end before you try and compare them. you really should be stroing your passwords hashed with [man]md5[/man] aswell though. but keep in mind md5 is unreversable.

MarkR

No. Use POST for login forms.

Don't do any of your own encryption, that is pointless. If you want stuff encrypted to/from your web server, use HTTPS.

Anyone intercepting the URL, could simply use it unmodified (assuming the encryption was still valid) and it would still be decrypted, thus enabling them to access the site (even if they could not find the password).

Therefore, this would be password-equivalent, so you may as well not bother.

Mark