if you are using these values to check for user login across multpile pages
on your site (i.e you want the user to login at one place and you are
passing the login info to all the other pages on the site using the hidden
fields ) you should take a look at the concept of user sessions
take a look at the phplib session management, tutorials on sessions at
www.phpbuilder.com (I am not very sure bnut I recall they had one) and the
session functions in the php manual.
hope that helps
Ankur Verma
HCL Technologies
A1CD, Sec -16
Noida, UP
India
----- Original Message -----
From: "Marc Aragnou" <[EMAIL PROTECTED]>
To: "PHP Lists" <[EMAIL PROTECTED]>
Sent: Tuesday, February 13, 2001 6:00 AM
Subject: [PHP] security question
> Hello there,
>
> I'm posting a username and a password with:
>
> <input type="hidden" name="username" value="<?php echo $username ?>">
> <input type="hidden" name="password" value="<?php echo $password ?>">
>
> When I check $HTTP_POST_VARS I can see the values as they're plain text.
Is
> this still safe to do or should I encrypt the strings before posting them
> between pages?
>
> Thanks for your help.
>
> -----Original Message-----
> From: Brian V Bonini [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 13 February 2001 11:07 AM
> To: PHP Lists
> Subject: [PHP] serialize/deserialize data
>
>
> What exactly does
> serialize/deserialize data
> mean?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
