Reputation: 1059
How to securely pass data from php forms to html
I have a login system which is an html form and I need to send the username and password back to the php backend where I can there securely encrypt it and store it in a database. I was wondering what the most up to date and secure method of doing this is. Bearing in mind that this is the barebones string form of the password it is very important to be vigilant of the most secure way of passing it back. I know that $_GET and $_POST are extremely unsecure. Do I encrypt the data in javascript before it is sent back to the server hence the javascript hashing algorithm being laid bare to the end user or is simply https encryption sufficient? If I have https encryption would I then simply pass it back using $_GET and $_POST? Thanks
Upvotes: 0
Views: 1272
Answers (1)
Reputation: 1586
- Google for and read relevant information such as this.
- Do not hash on the client. Pass the clear-text password to the server.
- Use POST to keep the password out of the URL (URLs have a nasty way of getting logged and otherwise exposed to people).
- I personally recommend to use HTTPS everywhere but the minimum is to use HTTPS for the login form and all pages that follow login.
- Store the password in the database using PHP's
password_hashfunction and verify it usingpassword_verify.
Upvotes: 1
Related Questions
- pass data in encrypt form using javascript and get in php
- How to send data between ajax and php in secure way?
- Obfuscating POST variables between Javascript & PHP
- How to encrypt data on the post with php
- securely passing sensitive data from PHP to javascript
- Passing password from Javascript to PHP in a secured way
- Send data sensitive data to javascript
- Securely submit form using JavaScript / PHP
- How to encrypt form data?
- pass secure data to jquery from php