Home > Backend Development > PHP Tutorial > PHP Security - Password Sniffing

PHP Security - Password Sniffing

黄舟
Release: 2023-03-05 20:56:01
Original
2039 people have browsed it



Password sniffing

Although attackers sniffing (watching) network communications between your users and applications are not specifically used for access control, it is becoming increasingly important to be aware of data exposure, especially for authentication information.

Using SSL can effectively prevent HTTP requests and responses from being exposed. Requests to any resource using the https scheme are protected against password sniffing. The best approach is to always use SSL to send authentication information. You may also want to use SSL to send all requests containing session IDs to prevent session hijacking.

In order to prevent user verification information from being exposed, use the https scheme in the URL of the action attribute of the form as follows:

CODE:
 
  <form action="https://example.org/login.php"
method="POST">
  <p>Username: <input type="text"
name="username" /></p>
  <p>Password: <input type="password"
name="password" /></p>
  <p><input type="submit"
/></p>
  </form>
Copy after login


It is highly recommended to use the POST method in the verification form, because whether you use SSL or not, doing so will expose less verification information than the GET method.

Although this is only done to protect the user's authentication information from being exposed, you should still use SSL for HTML forms. This is not done for technical reasons, but users will feel more comfortable entering verification information when they see that the form is protected by SSL (see Figure 7-1).

Figure 7-1. Most browsers will display a lock icon when the current resource is protected by SSL

The above is the content of PHP security-password sniffing. For more related content, please pay attention to the PHP Chinese website (m.sbmmt.com)!


Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template