>On my site, when a user logs in, their password is encrypted using md5() and
>the username and encrypted password is then passed from page to page using
>hidden form inputs (clicking on a link submits the form using POST).
>Does anyone have any comments on this method e.g. security wise? I know I
>could use sessions or cookies but is it relly necessary?

Well, I can still 'sniff' their encrypted password and then hijack that
session, or walk into the public library and take the cookies from your

Won't work for Fort Knox, but might be fine for your needs.

What are you trying to guard?

Like Music?  http://l-i-e.com/artists.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to