when using the post method the form data is passed in the http header, is it possible this information can be accessed by someone using a protocol analyser to retrieve the password. I am trying to find a database login method.


<%@ Language=VBScript %>
<%option explicit%>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</HEAD>
<BODY>
<H1>ASP FORM DEMO</H1>
<form name="userinfo" ACTION="maininfo.asp" METHOD="post">
<H2>Please fill in the following form</H2>
<PRE>
Name <INPUT type="text" name="uname">
email <INPUT type="text" name="password">

</PRE>
<INPUT type="reset" value="Reset" id=reset1 name=reset1>
<INPUT type="submit" value="Submit" id=submit1 name=submit1>
</form>
</BODY>
</HTML>

why use post?

I don't want to use the get method of the form because that will pass the form information as part of the Url. I want to find a way of connecting to a database server where the user enters their username and password and their details not be breached by any third party. The problem I have is the IIS server and SQL server are on different network servers and NT4 will not pass security information across the network. I believe this is corrected in windows 2000. Hopefully then I will be able to use integrated security where the details that the user logs into their workstation with will be securely passed to the SQL/IIS servers and the user will not have to enter their details any extra times than the initial NT authenticated login.

I'm not really the right person to answer your question but I do know that if someone really wants to get
your password over an intranet they can. packet sniffers are really good for this sort of thing.

sorry i can't help you more