I agree with Ed. Use sessions. It's more secure that how you are doing it because theusername is not stored in the page and retransmitted each page.
=C= * * Cal Evans * The Virtual CIO * http://www.calevans.com * -----Original Message----- From: Peter [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 03, 2002 2:32 PM To: [EMAIL PROTECTED] Subject: [PHP] Authentication On my site, when a user logs in, their password is encrypted using md5() and the username and encrypted password is then passed from page to page using hidden form inputs (clicking on a link submits the form using POST). Does anyone have any comments on this method e.g. security wise? I know I could use sessions or cookies but is it relly necessary? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php