[PHP] Encrypting passwords from page to page -mcrypt question

2004-07-15 Thread Scott Taylor
I would like to go from page to page, submitting the password through a 
GET query string.  Of course I wouldn't want to do this unencrypted.  So 
is mcrypt the best option? 

When submitting the data, would I also need to submit the IV as well as 
the encrypted data?  Or am I completely off base with this one?  Should 
I also base64_encode() this data when passing it?

Scott Taylor
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Encrypting passwords from page to page -mcrypt question

2004-07-15 Thread Jordi Canals
Scott Taylor wrote:
> I would like to go from page to page, submitting the password through a 
> GET query string.  Of course I wouldn't want to do this unencrypted.  So 
> is mcrypt the best option?

I think submitting the password on the query string is a really bad idea. 
What will happen if a user decides to mail the URL to someone? Any 
recipient of that message would have access to the password-protected data.

In my opinion, passwords NEVER should be sent to the client computer in 
any form (encrypted or not).

I will recommend finding a different way to authenticate the user on 
every page which does not require sending him the password.

Regards,
Jordi
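
One way to authenticate every page without sending the password back to the client, as the reply recommends, is a server-side session. This is an added example, not code from the thread; the function names `start_secure_session`, `login` and `current_user` and the in-memory user store are assumptions made for illustration, and it assumes PHP 7.3 or later served over HTTPS.

```php
<?php
// Added example, not code from the thread. Requires PHP 7.3+ and HTTPS.

// Constructed user store; in practice the hash is read from a database.
$users = ['scott' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];

function start_secure_session(): void
{
    ini_set('session.use_only_cookies', '1'); // session ID never accepted from the URL
    ini_set('session.use_trans_sid', '0');    // and never appended to links
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
}

function login(array $users, $user, $password): bool
{
    if (!is_string($user) || !is_string($password) || !isset($users[$user])) {
        return false;
    }
    if (!password_verify($password, $users[$user])) {
        return false;
    }
    session_regenerate_id(true); // fresh ID after login prevents session fixation
    $_SESSION['user'] = $user;   // only the identity is kept, and only server-side
    return true;
}

function current_user(): ?string
{
    return $_SESSION['user'] ?? null;
}

start_secure_session();

// The password arrives once, in a POST body, and is never echoed back.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    login($users, $_POST['user'] ?? null, $_POST['password'] ?? null);
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}

// Every later request is authenticated by the session cookie alone.
if (current_user() === null) {
    echo '<form method="post"><input name="user">'
       . '<input name="password" type="password"><button>Log in</button></form>';
    exit;
}
echo 'Logged in as ' . htmlspecialchars(current_user(), ENT_QUOTES, 'UTF-8');
```

With this layout a URL that a user mails to someone carries neither the password nor the session ID, so the recipient gains no access to the protected pages.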