You are viewing a plain text version of this content. The canonical link for it is here.

Posted to embperl@perl.apache.org by "Steven D. Arnold" <st...@permanent.cc> on 2000/05/04 22:13:05 UTC

URL problem

I've noticed that EmbPerl has the useful quality of setting the URL of any
page I go to to a value that will take me back to the same page if entered
manually from the browser. This provides a very nice automatic-bookmarking
feature. However, there is one serious problem. I have a login page which
requires a username and a password. When the user logs in, the url in the
browser shows the cleartext value of the password. Obviously, that is a
huge security problem, and I would suggest that Embperl should not put the
value of a field in the URL if the input field from which is came was of
type password. Is there any way to turn off this display of the password
field?

steve

RE: URL problem

Posted by indrek siitan <tf...@cafe.ee>.

Hi,

> I have a login page which requires a username and a password. 
> When the user logs in, the url in the browser shows the cleartext 
> value of the password. Obviously, that is a huge security problem, 
> and I would suggest that Embperl should not put the value of a 
> field in the URL if the input field from which is came was of type 
> password. Is there any way to turn off this display of the password 
> field?

just use METHOD=POST in your login page <FORM> tag instead of GET.


Rgds,
  Tfr

  --==< tfr@cafe.ee >==< http://tfr.cafe.ee/ >==< +1-504-4467425 >==--