Reputation: 27048
How to establish a secure page transfer using a form?
I have index.php and I have a login form:
<form method=post action="login.php" id="login">
<input type="text" size="16" maxlength="30" name="login" id="login_user" />
<input type="password" name="pass" id="login_pass"/>
<input name="msubmit" type="submit" value="Login" />
</form>
How can I make sure that the form gets processed through a secure line?
Do I have to add https://?
<form method=post action="https://test.com/login.php" id="login"
Any ideas?
Thanks.
Upvotes: 0
Views: 63
Answers (2)
Reputation: 60007
Use https protocol. Also treat all the parameters as tainted - and get the PHP script to process them in a responsible fashion.
*I.e. parse (regular expressions) them and escape them if necessary when using a database/command line *
Upvotes: 0
Reputation: 1038890
Yes, the best way is to specify https:
<form method="post" action="https://domain.com/login.php" id="login">
<input type="text" size="16" maxlength="30" name="login" id="login_user" />
<input type="password" name="pass" id="login_pass" />
<input name="msubmit" type="submit" value="Login" />
</form>
Even if index.php was served through a secure channel, it is good practice to explicitly specify https on the post action because this is the request which sends sensitive data over the wire. But it is also recommended to have index.php served through https only.
Upvotes: 1
Related Questions
- Secure DataVault for storing credit card details - PCI DSS
- How to ensure PCI Compliant for HTML and Ajax request
- PCI compliance (PCI DSS) for Front End
- XOR encryption/decryption and compliance
- Encrypting Crypt field using asp.net webpages for SagePay Form Integration
- PCI - Card Data Transmission
- Encrypting data transfer from one page to another
- PCI Compliance - is SSL required in the Transparent Redirect scenario?
- pci compliance c#
- What's a clean/simple way to ensure the security of a page?